🐾 - 🚨 Suspicious WebDAV HTTP connection to Internet 🌐 - Possible malicious 👾 trafic from Microsoft Office document 📘

SID: 3300118Rev: 30 views
Sourcepawpatrules
CreatedJune 2, 2023
UpdatedJune 26, 2023
Classificationpolicy-violation
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Suspicious WebDAV HTTP connection to Internet 🌐 - Possible malicious 👾 trafic from Microsoft Office document 📘"; flow:to_server, stateless; http.user_agent; content:"DavClnt"; nocase; reference:url,https://learn.microsoft.com/en-us/windows/win32/api/davclnt/; reference:url,https://blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/; reference:url,https://attack.mitre.org/techniques/T1221/; metadata:created_at 2023_06_02, updated_at 2023_06_26; sid:3300118; rev:3; classtype:policy-violation;)

References

urlhttps://learn.microsoft.com/en-us/windows/win32/api/davclnt/
urlhttps://blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/
urlhttps://attack.mitre.org/techniques/T1221/

Metadata

created at2023_06_02
updated at2023_06_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!