ET HUNTING Possible EXE Download From Suspicious TLD (.link) - set - Suricata Rule 2023462 (et/open)

ET HUNTING Possible EXE Download From Suspicious TLD (.link) - set

SID: 2023462Rev: 40 viewsHistory

Sourceet/open

CreatedOctober 27, 2016

UpdatedOctober 7, 2020

Classificationmisc-activity

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Possible EXE Download From Suspicious TLD (.link) - set"; flow:established,to_server; flowbits:set,ET.SuspExeTLDs; flowbits:noalert; http.host; content:".link"; endswith; reference:url,www.spamhaus.org/statistics/tlds/; classtype:misc-activity; sid:2023462; rev:4; metadata:affected_product Any, attack_target Client_and_Server, created_at 2016_10_27, confidence Medium, signature_severity Minor, updated_at 2020_10_07;)

References

url	www.spamhaus.org/statistics/tlds/

Metadata

affected productAny

attack targetClient_and_Server

created at2016_10_27

confidenceMedium

signature severityMinor

updated at2020_10_07

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!