Rule History

SID: 2027198 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 3 • Apr 15, 2019, 12:00 PM

Message:

ET WEB_CLIENT Tech Support Scam Landing M2 2019-04-15

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Tech Support Scam Landing M2 2019-04-15"; flow:established,from_server; http.stat_code; content:"200"; file.data; content:"createOscillator|28 29|"; content:"createGain|28 29|"; distance:0; content:"|3e|System|20|Warning!|3c 2f|span|3e|"; distance:0; fast_pattern; content:"|3c|b|3e|Windows|20|Version"; distance:0; classtype:social-engineering; sid:2027198; rev:3; metadata:created_at 2019_04_15, confidence High, signature_severity Major, tag Tech_Support_Scam, tag Malvertising, updated_at 2020_09_01;)

Created:

Apr 15, 2019, 12:00 PM

Updated:

Sep 1, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-web_client.rules