ET POLICY Possible Trojan File Download bad rar file header (not a valid rar file)

SID: 2008782
Rev: 8
Source: et/open
Created: July 30, 2010
Updated: May 2, 2024
Classification: bad-unknown
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download bad rar file header (not a valid rar file)"; flow:established,to_client; http.content_type; content:"application|2f|octet-stream"; startswith; http.response_body; content:"|52 61 72 21|"; startswith; fast_pattern; content:!"|1a 07|"; within:2; reference:url,en.wikipedia.org/wiki/RAR_(file_format); classtype:bad-unknown; sid:2008782; rev:8; metadata:attack_target Client_and_Server, created_at 2010_07_30, deployment Perimeter, deprecation_reason Age, confidence Low, signature_severity Minor, updated_at 2024_05_02, reviewed_at 2024_05_02; target:dest_ip;)

Metadata

attack target: Client_and_Server
created at: 2010_07_30
deployment: Perimeter
deprecation reason: Age
confidence: Low
signature severity: Minor
updated at: 2024_05_02
reviewed at: 2024_05_02
