Versions (2)
Version DetailsCurrent
Rev: 5 • Jun 10, 2015, 12:00 PMET MALWARE Scanbox Sending Host Data
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Scanbox Sending Host Data"; flow:to_server,established; http.method; content:"GET"; http.uri; content:".jpg"; pcre:"/\/(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{2}==|[A-Za-z0-9_-]{3}=|[A-Za-z0-9_-]{4})\.jpg$/"; http.cookie; content:"recordid="; fast_pattern; depth:9; reference:url,www.alienvault.com/open-threat-exchange/blog/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks; classtype:trojan-activity; sid:2021229; rev:5; metadata:created_at 2015_06_10, signature_severity Major, updated_at 2020_10_28;)
Jun 10, 2015, 12:00 PM
Oct 28, 2020, 12:00 PM
Jun 10, 2015, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules