TGI HUNT B64 Encoded PE File in HTTP response with BEGIN CERTIFICATE

SID: 2610874
Rev: 1
Views: 15
Source: tgreen/hunting
Created: October 15, 2025
Updated: October 15, 2025
Classification: bad-unknown

alert http any any -> $HOME_NET any (msg:"TGI HUNT B64 Encoded PE File in HTTP response with BEGIN CERTIFICATE"; flow:established; http.response_body; content:"-----BEGIN CERTIFICATE-----"; fast_pattern; content:"TVqQAAMAAAA"; distance:0; within:16; classtype:bad-unknown; sid:2610874; rev:1;)
