Versions (2)
Version DetailsCurrent
Rev: 6 • Jan 16, 2015, 12:00 PMET MALWARE Filename svchost.exe Download - Common Hostile Filename
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Filename svchost.exe Download - Common Hostile Filename"; flow:established,to_client; http.header; content:"filename="; content:"svchost.exe"; nocase; fast_pattern; within:11; pcre:"/^Content-Disposition\x3a attachment\x3b filename=[\x27\x22]svchost\.exe[\x22\x27]\r\n/mi"; classtype:trojan-activity; sid:2020198; rev:6; metadata:created_at 2015_01_16, signature_severity Major, updated_at 2020_05_14;)
Jan 16, 2015, 12:00 PM
May 14, 2020, 12:00 PM
Jan 16, 2015, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules