ET HUNTING SUSPICIOUS XXTEA UTF-16 Encoded HTTP Response

SID: 2018175Rev: 20 views
History
Sourceet/open
CreatedFebruary 25, 2014
UpdatedJuly 26, 2019
Classificationbad-unknown
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING SUSPICIOUS XXTEA UTF-16 Encoded HTTP Response"; flow:from_server,established; content:"u|00|t|00|f|00|8|00|t|00|o|00|1|00|6|00|"; nocase; content:"x|00|x|00|t|00|e|00|a|00|_|00|d|00|e|00|c|00|r|00|y|00|p|00|t|00|"; nocase; fast_pattern; content:"b|00|a|00|s|00|e|00|6|00|4|00|d|00|e|00|c|00|o|00|d|00|e"; nocase; classtype:bad-unknown; sid:2018175; rev:2; metadata:created_at 2014_02_25, confidence Medium, signature_severity Minor, updated_at 2019_07_26;)

Metadata

created at2014_02_25
confidenceMedium
signature severityMinor
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!