ET MALWARE Malicious Notepad++ Update Deployment URL (install.exe)

SID: 2067300Rev: 12 views
Sourceet/open
CreatedFebruary 4, 2026
UpdatedFebruary 4, 2026
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Malicious Notepad++ Update Deployment URL (install.exe)"; flow:established,to_server; http.method; content:"GET"; http.host; pcre:"/^(?:\d{1,3}\.){3}\d{1,3}$/"; http.uri; content:"/update/install.exe"; nocase; fast_pattern; endswith; reference:url,securelist.com/notepad-supply-chain-attack/118708/; classtype:trojan-activity; sid:2067300; rev:1; metadata:affected_product Notepad__, attack_target Client_Endpoint, created_at 2026_02_04, deployment Perimeter, confidence Medium, signature_severity Critical, updated_at 2026_02_04;)

References

urlsecurelist.com/notepad-supply-chain-attack/118708/

Metadata

affected productNotepad__
attack targetClient_Endpoint
created at2026_02_04
deploymentPerimeter
confidenceMedium
signature severityCritical
updated at2026_02_04

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!