ET HUNTING Download Request Containing Suspicious Filename - Crypted

SID: 2022491
Rev: 3
Source: et/open
Created: February 4, 2016
Updated: June 23, 2020
Classification: trojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Download Request Containing Suspicious Filename - Crypted"; flow:to_server,established; http.method; content:"GET"; http.uri; content:"crypted.exe"; nocase; fast_pattern; endswith; http.header_names; content:!"Referer|0d 0a|"; reference:md5,ff823130efcdf8ab267cad92eb5b90d7; reference:md5,e953e6b3be506c5b8ca80fbcd79c065e; reference:md5,1e2fa2e401cd2295a03ba8d8d3d3698b; classtype:trojan-activity; sid:2022491; rev:3; metadata:created_at 2016_02_04, confidence Medium, signature_severity Major, updated_at 2020_06_23;)

References

md5: ff823130efcdf8ab267cad92eb5b90d7
md5: e953e6b3be506c5b8ca80fbcd79c065e
md5: 1e2fa2e401cd2295a03ba8d8d3d3698b

Metadata

created at: 2016_02_04
confidence: Medium
signature severity: Major
updated at: 2020_06_23
