ET HUNTING http string in hex Possible Obfuscated Exploit Redirect

SID: 2012118Rev: 40 views
History
Sourceet/open
CreatedDecember 30, 2010
UpdatedNovember 29, 2024
Classificationbad-unknown
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET HUNTING http string in hex Possible Obfuscated Exploit Redirect"; flow:established,to_client; content:"=[|22 5c|x68|5c|x74|5c|x74|5c|x70|5c|x3A|5c|x2F|5c|x2F|5c|"; classtype:bad-unknown; sid:2012118; rev:4; metadata:created_at 2010_12_30, former_category INFO, confidence Medium, signature_severity Minor, updated_at 2024_11_29, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)

Metadata

created at2010_12_30
former categoryINFO
confidenceMedium
signature severityMinor
updated at2024_11_29
mitre tactic idTA0005
mitre tactic nameDefense_Evasion
mitre technique idT1027
mitre technique nameObfuscated_Files_or_Information

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!