ET DELETED Possible Malicious Attachment With Double Extension Ending In EXE

SID: 2019650Rev: 20 views
History
Sourceet/open
CreatedNovember 5, 2014
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Possible Malicious Attachment With Double Extension Ending In EXE"; flow:established,to_client; content:"Content-Disposition|3a 20|attachment|3b 20|filename="; nocase; http_header; content:".exe|0d 0a|"; distance:0; http_header; fast_pattern; pcre:"/^Content-Disposition\x3a\x20attachment\x3b\x20filename=[^\r\n]+?\.[a-z]{2,4}\.exe\r?$/Hmi"; classtype:trojan-activity; sid:2019650; rev:2; metadata:created_at 2014_11_05, signature_severity Unknown, updated_at 2019_07_26, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1036, mitre_technique_name Masquerading;)

Metadata

created at2014_11_05
signature severityUnknown
updated at2019_07_26
mitre tactic idTA0005
mitre tactic nameDefense_Evasion
mitre technique idT1036
mitre technique nameMasquerading

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!