ET INFO Generic - *.com.exe HTTP Attachment - Suricata Rule 2017504 (et/open)

ET INFO Generic - *.com.exe HTTP Attachment

SID: 2017504Rev: 60 viewsHistory

Sourceet/open

CreatedSeptember 21, 2013

UpdatedApril 20, 2023

Classificationsuspicious-filename-detect

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Generic - *.com.exe HTTP Attachment"; flow:established,to_client; http.header; content:".com.exe"; nocase; file.data; content:"MZ"; within:2; classtype:suspicious-filename-detect; sid:2017504; rev:6; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2013_09_21, deployment Perimeter, confidence Medium, signature_severity Informational, updated_at 2023_04_20;)

Metadata

affected productAny

attack targetClient_Endpoint

created at2013_09_21

deploymentPerimeter

confidenceMedium

signature severityInformational

updated at2023_04_20

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!