Versions (4)
Version DetailsCurrent
Rev: 7 • Sep 11, 2014, 12:00 PMET MALWARE Possible Malicious Invoice EXE
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible Malicious Invoice EXE"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/invoice"; nocase; fast_pattern; pcre:"/\/invoice[^a-z\/]*?\.(?:exe|zip|7z|rar|com|vbs|ps1)$/i"; reference:md5,bdf12366779ce94178c2d1e495565d2b; classtype:trojan-activity; sid:2019158; rev:7; metadata:created_at 2014_09_11, confidence Medium, signature_severity Major, updated_at 2020_10_09;)
Sep 11, 2014, 12:00 PM
Oct 9, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules