Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Generic - Mozilla 4.0 EXE Request"; flow:established,to_server; urilen:6<>15; http.uri; content:".exe"; endswith; http.user_agent; content:"Mozilla/4.0"; fast_pattern; bsize:11; classtype:misc-activity; sid:2020705; rev:8; metadata:attack_target Client_and_Server, created_at 2015_03_18, deployment Perimeter, confidence Low, signature_severity Informational, updated_at 2023_05_02; target:src_ip;)