ET HUNTING Suspicious Request to Image with User-Agent Ending in .exe

SID: 2030732Rev: 20 views
History
Sourceet/open
CreatedAugust 25, 2020
UpdatedAugust 25, 2020
Classificationmisc-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Suspicious Request to Image with User-Agent Ending in .exe"; flow:established,to_server; http.uri; pcre:"/\.(?:gif|jpe?g|png)$/i"; http.user_agent; content:".exe"; endswith; fast_pattern; classtype:misc-activity; sid:2030732; rev:2; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2020_08_25, deployment Perimeter, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_25;)

Metadata

affected productWeb_Browsers
attack targetClient_Endpoint
created at2020_08_25
deploymentPerimeter
confidenceMedium
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2020_08_25

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!