ET HUNTING Single Character jpg Requested via PowerShell

SID: 2056739
Rev: 1
Source: et/open
Created: October 21, 2024
Updated: October 21, 2024
Classification: command-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Single Character jpg Requested via PowerShell"; flow:established,to_server; urilen:6; http.method; content:"GET"; http.uri; content:"|2e|jpg"; endswith; pcre:"/^\x2f[a-zA-Z0-9]{1}\x2ejpg$/"; http.user_agent; content:"WindowsPowerShell"; fast_pattern; reference:md5,bf3f46460851ba21241123f81477e567; classtype:command-and-control; sid:2056739; rev:1; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2024_10_21, deployment Perimeter, confidence Medium, signature_severity Informational, updated_at 2024_10_21;)

References

md5: bf3f46460851ba21241123f81477e567

Metadata

attack target: Client_Endpoint
tls state: plaintext
created at: 2024_10_21
deployment: Perimeter
confidence: Medium
signature severity: Informational
updated at: 2024_10_21
