ET HUNTING Observed Zip Slip in TAR Archive (../) Inbound M1

SID: 2064946Rev: 10 views
History
Sourceet/open
CreatedSeptember 29, 2025
UpdatedSeptember 29, 2025
Classificationmisc-attack
alert tcp any any -> $HOME_NET any (msg:"ET HUNTING Observed Zip Slip in TAR Archive (../) Inbound M1"; flow:established,to_client; file.magic; content:"POSIX tar archive"; file.data; content:"|00 00 00 2e 2e 2f|"; fast_pattern; reference:url,security.snyk.io/research/zip-slip-vulnerability; classtype:misc-attack; sid:2064946; rev:1; metadata:attack_target Client_Endpoint, created_at 2025_09_29, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_09_29, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information; target:dest_ip;)

References

urlsecurity.snyk.io/research/zip-slip-vulnerability

Metadata

attack targetClient_Endpoint
created at2025_09_29
deploymentInternal
confidenceMedium
signature severityMinor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2025_09_29
mitre tactic idTA0005
mitre tactic nameDefense_Evasion
mitre technique idT1027
mitre technique nameObfuscated_Files_or_Information

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!