ET INFO Base64 Encoded powershell.exe in HTTP Response M1

SID: 2025238
Rev: 4
Source: et/open
Created: January 22, 2018
Updated: August 24, 2020
Classification: bad-unknown
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Base64 Encoded powershell.exe in HTTP Response M1"; flow:established,from_server; http.content_type; content:"text/plain"; startswith; file.data; content:"cG93ZXJzaGVsbC5leG"; fast_pattern; reference:url,otx.alienvault.com/pulse/5a1348416dd9eb0c92d9897a; classtype:bad-unknown; sid:2025238; rev:4; metadata:created_at 2018_01_22, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_24;)

Metadata

created at: 2018_01_22
confidence: High
signature severity: Informational
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2020_08_24
