ET CURRENT_EVENTS Likely Evil XMLDOM Detection of Local File

SID: 2018783Rev: 20 views
History
Sourceet/open
CreatedJuly 25, 2014
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Likely Evil XMLDOM Detection of Local File"; flow:from_server,established; file_data; content:"-2147023083"; nocase; fast_pattern:only; content:"res|3a 2f|"; nocase; content:"<!DOCTYPE html PUBLIC"; nocase; reference:url,alienvault.com/open-threat-exchange/blog/attackers-abusing-internet-explorer-to-enumerate-software-and-detect-securi/; classtype:trojan-activity; sid:2018783; rev:2; metadata:created_at 2014_07_25, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

References

urlalienvault.com/open-threat-exchange/blog/attackers-abusing-internet-explorer-to-enumerate-software-and-detect-securi/

Metadata

created at2014_07_25
confidenceMedium
signature severityMajor
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!