Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Malicious XLS DDE rar Drop Fake 404 Response"; flow:established,to_client; flowbits:isset,ET.xls.dde.drop; http.stat_code; content:"200"; file.data; content:"<h1>404 Not Found</h1><span>The resource requested could not be found on this server!</span>"; endswith; reference:md5,63b070b222d170ef4cc35ad94d42a088; classtype:trojan-activity; sid:2026491; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_10_16, deployment Perimeter, malware_family MalDocGeneric, malware_family Maldoc, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_16;)