Versions (4)
Version DetailsCurrent
Rev: 13 • Nov 15, 2014, 12:00 PMET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile"; flow:established,to_server; http.uri; content:"/"; content:".exe"; distance:1; within:8; fast_pattern; endswith; pcre:"/\/[A-Z]?[a-z]{1,3}[0-9]?\.exe$/"; http.header; content:!"koggames"; http.host; content:!"download.bitdefender.com"; endswith; content:!".appspot.com"; endswith; content:!"kaspersky.com"; endswith; content:!".sophosxl.net"; endswith; http.header_names; content:!"Referer"; nocase; classtype:bad-unknown; sid:2019714; rev:13; metadata:created_at 2014_11_15, performance_impact Significant, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_22;)
Nov 15, 2014, 12:00 PM
Apr 22, 2024, 12:00 PM
Nov 15, 2014, 12:00 PM
Nov 3, 2025, 10:34 PM
rules/emerging-malware.rules