ET HUNTING Suspicious GET Request for .i686 File

SID: 2038654Rev: 10 views
History
Sourceet/open
CreatedAugust 29, 2022
UpdatedAugust 29, 2022
Classificationbad-unknown
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Suspicious GET Request for .i686 File"; flow:established,to_server; http.method; content:"GET"; http.uri; content:".i686"; endswith; fast_pattern; http.host; pcre:"/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/"; http.header_names; content:!"Referer"; reference:md5,59a83208dd897b3714dc80e15253120e; classtype:bad-unknown; sid:2038654; rev:1; metadata:created_at 2022_08_29, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_08_29, reviewed_at 2024_12_02;)

References

md5
59a83208dd897b3714dc80e15253120e
Google SearchBrave Search

Metadata

created at2022_08_29
deploymentSSLDecrypt
confidenceMedium
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2022_08_29
reviewed at2024_12_02

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!