ET MALWARE HTTP Request to a *.pw domain with direct request/fake browser (multiple families flowbit set)

SID: 2018571Rev: 40 views
History
Sourceet/open
CreatedJune 17, 2014
UpdatedApril 30, 2020
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE HTTP Request to a *.pw domain with direct request/fake browser (multiple families flowbit set)"; flow:to_server,established; flowbits:noalert; flowbits:set,ET.Suspicious.Domain.Fake.Browser; http.header_names; content:!"|0d 0a|Referer|0d 0a|"; content:!"|0d 0a|Accept-Language|0d 0a|"; http.host; content:".pw"; fast_pattern; pcre:"/^(?:\x3a\d{1,5})?$/i"; classtype:trojan-activity; sid:2018571; rev:4; metadata:created_at 2014_06_17, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_30;)

Metadata

created at2014_06_17
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2020_04_30

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!