Versions (4)
Version DetailsCurrent
Rev: 1 • Mar 19, 2025, 4:38 PMTGI HUNT Content-Type jpeg serving PE likely hostile
alert http any any -> any any (msg:"TGI HUNT Content-Type jpeg serving PE likely hostile"; flow:established,from_server; content:"200"; http_stat_code; content:"Content-Type|3a 20|image/jpeg"; http_header; file_data; content:"MZ"; depth:2; byte_jump:4,58,relative,little; threshold:type limit, track by_src, seconds 60, count 1; classtype:bad-unknown; sid:2610284; rev:1;)
Mar 19, 2025, 4:38 PM
Mar 19, 2025, 4:38 PM
Jul 29, 2025, 5:35 PM
Jul 29, 2025, 5:35 PM
hunting.rules