Rule History

SID: 2018403 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 16 • Apr 22, 2014, 12:00 PM

Message:

ET DELETED GENERIC Likely Malicious Fake IE Downloading .exe

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; http.uri; content:".exe"; fast_pattern; endswith; content:!"download_helper.ns"; http.header; content:!"softdl.360tpcdn.com"; http.user_agent; content:"|20|MSIE|20|"; http.host; content:!"microsoft.com"; content:!"adobe.com"; content:!"360safe.com"; content:!"cfbeta.razersynapse.com"; content:!"download.windowsupdate.com"; content:!"gladmainnew.morningstar.com"; http.connection; content:"close"; nocase; http.header_names; content:!"Accept-Encoding"; content:!"Referer"; classtype:trojan-activity; sid:2018403; rev:16; metadata:created_at 2014_04_22, signature_severity Unknown, updated_at 2022_05_20;)

Created:

Apr 22, 2014, 12:00 PM

Updated:

May 20, 2022, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-deleted.rules