ET MALWARE HTTP Request to a *.su domain with direct request/fakebrowser (multiple families flowbit set)

SID: 2018570Rev: 50 views
History
Sourceet/open
CreatedJune 17, 2014
UpdatedApril 29, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE HTTP Request to a *.su domain with direct request/fakebrowser (multiple families flowbit set)"; flow:to_server,established; flowbits:noalert; flowbits:set,ET.Suspicious.Domain.Fake.Browser; http.header_names; content:!"|0d 0a|Referer|0d 0a|"; content:!"|0d 0a|Accept-Language|0d 0a|"; http.host; content:".su"; pcre:"/^(?:\x3a\d{1,5})?$/Ri"; classtype:trojan-activity; sid:2018570; rev:5; metadata:created_at 2014_06_17, performance_impact Significant, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_29;)

Metadata

created at2014_06_17
performance impactSignificant
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_29

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!