2018231 < Main < EmergingThreats

Main Web>2018231 (2020-09-15, TWikiGuest) (raw view)
 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS .scr file download"; flow:established,to_server; content:".scr"; http_uri; isdataat:!1,relative; fast_pattern; content:!"kaspersky.com"; http_host; classtype:trojan-activity; sid:2018231; rev:5; metadata:created_at 2014_03_07, former_category INFO, updated_at 2020_09_15;)

</h2>

Added 2020-09-15 18:38:40 UTC


 %COMMENT{type="threadmode" default="Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps." button="Add to Documentation" }%
 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS .scr file download"; flow:established,to_server; content:".scr"; http_uri; isdataat:!1,relative; fast_pattern; content:!"kaspersky.com"; http_host; classtype:trojan-activity; sid:2018231; rev:5; metadata:created_at 2014_03_07, former_category INFO, updated_at 2019_09_28;)

</h2>

Added 2020-08-05 19:09:40 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS .scr file download"; flow:established,to_server; content:".scr"; http_uri; isdataat:!1,relative; fast_pattern; content:!"kaspersky.com"; http_host; metadata: former_category INFO; classtype:trojan-activity; sid:2018231; rev:5; metadata:created_at 2014_03_07, updated_at 2019_09_28;)

</h2>

Added 2019-10-09 19:08:52 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS .scr file download"; flow:established,to_server; content:".scr"; http_uri; isdataat:!1,relative; fast_pattern; content:!"kaspersky.com"; http_host; classtype:trojan-activity; sid:2018231; rev:5; metadata:created_at 2014_03_07, updated_at 2019_09_28;)

</h2>

Added 2019-10-01 08:28:08 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS .scr file download"; flow:established,to_server; content:".scr"; http_uri; isdataat:!1,relative; fast_pattern; content:!"kaspersky.com"; http_host; classtype:trojan-activity; sid:2018231; rev:5; metadata:created_at 2014_03_07, updated_at 2019_09_28;)

</h2>

Added 2019-10-01 04:22:31 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS .scr file download"; flow:established,to_server; content:".scr"; http_uri; isdataat:!1,relative; fast_pattern; content:!"kaspersky.com"; http_host; classtype:trojan-activity; sid:2018231; rev:5; metadata:created_at 2014_03_07, updated_at 2016_08_25;)

</h2>

Added 2018-09-13 19:48:32 UTC


 
 <hr>
 


 <h2>
 


</h2>

Added 2018-09-13 17:58:30 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS .scr file download"; flow:established,to_server; content:".scr"; http_uri; fast_pattern:only; pcre:"/\x2Escr$/U"; content:!"kaspersky.com|0d 0a|"; http_header; classtype:trojan-activity; sid:2018231; rev:4; metadata:created_at 2014_03_07, updated_at 2016_08_25;)

</h2>

Added 2017-08-07 21:12:17 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS .scr file download"; flow:established,to_server; content:".scr"; http_uri; fast_pattern:only; pcre:"/\x2Escr$/U"; content:!"kaspersky.com|0d 0a|"; http_header; classtype:trojan-activity; sid:2018231; rev:4;)

</h2>

Added 2016-08-26 17:31:54 UTC


 
 <hr>
 


 <h2>
 

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO SUSPICIOUS .scr file download"; flow:established,to_server; content:".scr"; http_uri; fast_pattern:only; pcre:"/\x2Escr$/U"; classtype:trojan-activity; sid:2018231; rev:2;)

</h2>

Added 2014-03-07 19:27:58 UTC


 
 <hr>
Topic revision: r1 - 2020-09-15 - TWikiGuest
Main
User Reference
ATasteOfTWiki
TextFormattingRules
Signature Reference
WebRss Feed
EmergingFAQ