ET HUNTING Possible EXE Download From Suspicious TLD (.webcam) - set - Suricata Rule 2025497 (et/open)

ET HUNTING Possible EXE Download From Suspicious TLD (.webcam) - set

SID: 2025497Rev: 40 viewsHistory

Sourceet/open

CreatedApril 16, 2018

UpdatedOctober 10, 2020

Classificationmisc-activity

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Possible EXE Download From Suspicious TLD (.webcam) - set"; flow:established,to_server; flowbits:set,ET.SuspExeTLDs; flowbits:noalert; http.host; content:".webcam"; endswith; reference:url,www.spamhaus.org/statistics/tlds/; classtype:misc-activity; sid:2025497; rev:4; metadata:created_at 2018_04_16, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_10;)

References

url	www.spamhaus.org/statistics/tlds/

Metadata

created at2018_04_16

confidenceMedium

signature severityInformational

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_10_10

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!