Rule History

SID: 2610370 • Source: tgreen/hunting

Versions (4)

Version DetailsCurrent

Rev: 1 • Mar 19, 2025, 4:38 PM

Message:

TGI HUNT .bin HTTP download missing headers

Rule:

alert http any any -> any any (msg:"TGI HUNT .bin HTTP download missing headers"; flow:established,to_server; content:".bin"; http_uri; endswith; http_header_names; content:"|0d 0a|Host|0d 0a|Connection|0d 0a 0d 0a|"; classtype:bad-unknown; sid:2610370; rev:1;)

Created:

Mar 19, 2025, 4:38 PM

Updated:

Mar 19, 2025, 4:38 PM

DB Created:

Jul 29, 2025, 5:35 PM

DB Updated:

Jul 29, 2025, 5:35 PM

Filename:

hunting.rules