🐾 - 🚨 Suspicious Windows Installer HTTP connection (non MSI download)

SID: 3300117
Rev: 2
Source: pawpatrules
Created: May 18, 2023
Updated: June 26, 2023
Classification: policy-violation
alert http $HOME_NET any -> any any (msg:"🐾 - 🚨 Suspicious Windows Installer HTTP connection (non MSI download)"; flow:to_server, stateless; http.method; content:"GET"; http.user_agent; content:"Windows Installer"; depth:17; endswith; fast_pattern; http.uri; content:!".msi"; reference:url,https://www.senseon.io/resource/resurgent-usb-malware-battling-raspberry-robin/; metadata:created_at 2023_05_18, updated_at 2023_06_26; sid:3300117; rev:2; classtype:policy-violation;)

Metadata

created at: 2023_05_18
updated at: 2023_06_26
