ET ATTACK_RESPONSE Possibly Malicious VBS Writing to Persistence Registry Location

SID: 2026427Rev: 50 views
History
Sourceet/open
CreatedSeptember 28, 2018
UpdatedApril 19, 2023
Classificationbad-unknown
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Possibly Malicious VBS Writing to Persistence Registry Location"; flow:established,from_server; http.stat_code; content:"200"; file.data; content:"on|20|error|20|resume|20|next"; nocase; content:".regwrite|20 22|"; distance:0; content:"|5c|software|5c|microsoft|5c|windows|5c|currentversion|5c|run"; within:80; fast_pattern; reference:md5,cac1aedbcb417dcba511db5caae4b8c0; classtype:bad-unknown; sid:2026427; rev:5; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2018_09_28, deployment Perimeter, deployment alert_only, performance_impact Low, signature_severity Major, tag VBS, tag Persistence, updated_at 2023_04_19;)

References

md5
cac1aedbcb417dcba511db5caae4b8c0
Google SearchBrave Search

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_and_Server
created at2018_09_28
deploymentalert_only
performance impactLow
signature severityMajor
tagPersistence
updated at2023_04_19

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!