Versions (5)
Version DetailsCurrent
Rev: 5 • Mar 17, 2015, 12:00 PMET MALWARE Likely Geodo/Emotet Downloading PE - Fake UA
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Likely Geodo/Emotet Downloading PE - Fake UA"; flow:established,to_server; http.method; content:"GET"; nocase; http.uri; content:".exe"; endswith; http.header_names; content:!"|0d 0a|Accept-"; content:!"|0d 0a|Referer|0d 0a|"; http.user_agent; content:"Mozilla/5.0 (compatible|3b 20|MSIE 9.0|3b 20|Windows NT 7.1|3b 20|Trident/5.0)"; fast_pattern; reference:md5,6c4d198794d1afd2b8bbae6f16bdfaa7; classtype:trojan-activity; sid:2035044; rev:5; metadata:created_at 2015_03_17, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_23;)
Mar 17, 2015, 12:00 PM
Mar 23, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 5, 2025, 9:34 PM
rules/emerging-malware.rules