ET WEB_CLIENT IE trojan Ants3set 1.exe - process injection - Suricata Rule 2001182 (et/open)

ET WEB_CLIENT IE trojan Ants3set 1.exe - process injection

SID: 2001182Rev: 110 views

Sourceet/open

CreatedJuly 30, 2010

UpdatedJuly 26, 2019

Classificationmisc-attack

alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT IE trojan Ants3set 1.exe - process injection"; flow:from_server,established; content:"|00|KERNEL32.DLL|00|GDI32.dll|00|MSVCRT.dll|00|USER32.dll|00||00|LoadLibraryA|00||00|GetProcAddress|00||00|ExitProcess|00|"; classtype:misc-attack; sid:2001182; rev:11; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_07_30, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2019_07_26;)

Metadata

affected productWeb_Browser_Plugins

attack targetClient_Endpoint

created at2010_07_30

deploymentPerimeter

signature severityMajor

tagWeb_Client_Attacks

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!