Versions (4)
Version DetailsCurrent
Rev: 3 • Aug 10, 2018, 12:00 PMET INFO MP3 with ID3 in HTTP Flowbit Set
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO MP3 with ID3 in HTTP Flowbit Set"; flow:from_server,established; file.data; content:"ID3"; within:3; content:"|FB FF|"; distance:0; flowbits:set,ET.mp3.in.http; flowbits:noalert; classtype:not-suspicious; sid:2025986; rev:3; metadata:affected_product Adobe_Flash, created_at 2018_08_10, deployment Perimeter, deprecation_reason Relevance, performance_impact Low, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_19;)
Aug 10, 2018, 12:00 PM
Apr 19, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 29, 2025, 9:34 PM
rules/emerging-info.rules