# sid 2018403 rev:14 -- retired. The leading '#' disables the rule and the msg
# prefix is now "ET DELETED", so a ruleset carrying this revision no longer
# alerts on this sid. The match options are the same as in the rev:13 snapshots
# on this page; only msg, rev, former_category (now MALWARE) and updated_at differ.
# NOTE(review): the page does not say why the rule was retired. Deployments that
# still want this heuristic need an enabled local copy under a local sid.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; content:!"gladmainnew.morningstar.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; classtype:trojan-activity; sid:2018403; rev:14; metadata:created_at 2014_04_22, former_category MALWARE, updated_at 2022_05_20;)
Added 2022-05-20 17:37:23 UTC
# rev:13 snapshot. Match options are unchanged; compared with the other rev:13
# snapshots on this page only created_at differs (2014_04_22 here, 2014_04_21
# there). The rev number was not bumped, so tooling that keys on sid:rev will
# not notice this metadata edit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; content:!"gladmainnew.morningstar.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; classtype:trojan-activity; sid:2018403; rev:13; metadata:created_at 2014_04_22, former_category TROJAN, updated_at 2020_10_27;)
Added 2021-09-21 19:59:20 UTC
# rev:13 snapshot. Match options are unchanged; only updated_at moved to
# 2020_10_27 (the older rev:13 snapshots carry 2019_12_31).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; content:!"gladmainnew.morningstar.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; classtype:trojan-activity; sid:2018403; rev:13; metadata:created_at 2014_04_21, former_category TROJAN, updated_at 2020_10_27;)
Added 2020-10-27 18:18:33 UTC
# rev:13 snapshot. Match options are unchanged; former_category is now carried
# inside the single trailing metadata keyword instead of a separate
# "metadata: former_category TROJAN;" keyword before classtype.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; content:!"gladmainnew.morningstar.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; classtype:trojan-activity; sid:2018403; rev:13; metadata:created_at 2014_04_21, former_category TROJAN, updated_at 2019_12_31;)
Added 2020-08-05 19:09:47 UTC
# rev:13 -- adds one more exclusion over rev:12:
# content:!"gladmainnew.morningstar.com"; http_host.
# This snapshot carries two metadata keywords (former_category before classtype,
# created_at/updated_at at the end).
# NOTE(review): each negated http_host content is an unanchored substring, so a
# Host value that merely contains one of these strings is excluded as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; content:!"gladmainnew.morningstar.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:13; metadata:created_at 2014_04_21, updated_at 2019_12_31;)
Added 2019-12-31 19:14:18 UTC
# rev:12 snapshot. The rule text matches the other rev:12 snapshot on this page
# that carries updated_at 2019_09_28; nothing in the match options changed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:12; metadata:created_at 2014_04_21, updated_at 2019_09_28;)
Added 2019-10-01 08:28:08 UTC
# rev:12 snapshot. Match options are unchanged; only updated_at moved to
# 2019_09_28 (the earliest rev:12 snapshot on this page carries 2019_08_13).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:12; metadata:created_at 2014_04_21, updated_at 2019_09_28;)
Added 2019-10-01 04:22:32 UTC
# rev:12 -- the softdl.360tpcdn.com exclusion moves from http_host (rev:11) to
# http_header. The other exclusions stay on http_host.
# NOTE(review): the page gives no reason for the change. Presumably the string
# has to be excluded when it appears in a header other than Host -- confirm
# against the upstream changelog.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:12; metadata:created_at 2014_04_21, updated_at 2019_08_13;)
Added 2019-08-13 19:54:22 UTC
# rev:11 -- adds the exclusion content:!"download.windowsupdate.com"; http_host
# over rev:10. All other options are unchanged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_host; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:11; metadata:created_at 2014_04_21, updated_at 2018_10_09;)
Added 2018-10-09 18:08:44 UTC
# rev:10 -- rewritten to use per-field HTTP buffers. Fires on an outbound HTTP
# request when all of the following hold:
#   - the URI ends in ".exe" (content + isdataat:!1,relative replaces the pcre
#     used up to rev:9);
#   - the User-Agent contains " MSIE ";
#   - the header names include neither Accept-Encoding nor Referer;
#   - the Connection value is "close" (nocase);
#   - none of the negated host / URI strings is present.
# The destination port is now "any" instead of $HTTP_PORTS.
# http_header_names and http_connection precede the contents they govern; the
# other http_* keywords follow theirs.
# NOTE(review): the negated http_host contents are unanchored substrings, so a
# Host value that merely contains one of them is excluded too. Keep that in
# mind when tuning this rule or relying on it for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_host; content:!"cfbeta.razersynapse.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:10; metadata:created_at 2014_04_21, updated_at 2017_03_16;)
Added 2018-09-13 19:48:42 UTC
Added 2018-09-13 17:58:37 UTC
# rev:9 snapshot. The match options are the same as in the other rev:9
# snapshots on this page; this one carries both metadata keywords
# (former_category TROJAN, plus created_at/updated_at).
# NOTE(review): content:!"softdl.360tpcdn.com" has no http_* modifier, so unlike
# its neighbours it is not bound to an HTTP buffer.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:9; metadata:created_at 2014_04_21, updated_at 2017_03_16;)
Added 2017-08-07 21:12:28 UTC
# rev:9 snapshot with no metadata keyword. The match options are the same as in
# the other rev:9 snapshots on this page; the metadata comes and goes between
# snapshots without a rev bump.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)
Added 2017-05-05 16:58:53 UTC
# rev:9 snapshot that adds "metadata: former_category TROJAN;" before classtype.
# The match options are the same as in the other rev:9 snapshots on this page.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:9;)
Added 2017-05-03 17:35:13 UTC
# rev:9 snapshot with no metadata keyword. The rule text matches the earliest
# rev:9 snapshot shown on this page.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)
Added 2017-03-20 19:16:55 UTC
# rev:9 -- adds the exclusion content:!"cfbeta.razersynapse.com"; http_header
# over rev:8.
# NOTE(review): the http_header modifier follows only the cfbeta content. The
# preceding content:!"softdl.360tpcdn.com" still has no http_* modifier of its own.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)
Added 2017-03-16 22:26:32 UTC
# rev:8 -- adds the exclusion content:!"softdl.360tpcdn.com" over rev:7.
# NOTE(review): this is the only content in the rule with no http_* modifier, so
# it is not bound to an HTTP buffer (presumably it is evaluated against the raw
# stream -- confirm on the engine version in use). Later revisions on this page
# attach http_host and then http_header to it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; classtype:trojan-activity; sid:2018403; rev:8;)
Added 2015-05-28 18:19:54 UTC
# rev:7 -- the protocol changes from tcp to http and the msg is renamed from
# "GENERIC Zbot Based Loader" to "GENERIC Likely Malicious Fake IE Downloading
# .exe". The Microsoft exclusion is widened from ".dlservice.microsoft.com" to
# "microsoft.com", and adobe.com and 360safe.com exclusions are added.
# NOTE(review): each exclusion is matched as "<string>|0d 0a|" in http_header,
# i.e. against the end of any header line rather than the Host header alone.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; classtype:trojan-activity; sid:2018403; rev:7;)
Added 2014-10-03 16:40:41 UTC
# rev:4 -- adds the URI exclusion content:!"download_helper.ns"; http_uri over
# rev:3. All other options are unchanged.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!".dlservice.microsoft.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; classtype:trojan-activity; sid:2018403; rev:4;)
Added 2014-05-30 18:34:06 UTC
# rev:3 -- first exclusion added to the heuristic: requests with a header line
# ending in ".dlservice.microsoft.com" no longer alert.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!".dlservice.microsoft.com|0d 0a|"; http_header; classtype:trojan-activity; sid:2018403; rev:3;)
Added 2014-05-01 18:28:41 UTC
# rev:2 -- the oldest snapshot shown here, published as "GENERIC Zbot Based
# Loader". Heuristic: an outbound request to $HTTP_PORTS whose normalized URI
# ends in ".exe" (pcre with the U flag), sent with "Connection: Close" and
# " MSIE " in the headers, but with no Accept-Encoding and no Referer header line.
# " MSIE " is matched against the whole header buffer, not User-Agent
# specifically, and this revision has no exclusions.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; classtype:trojan-activity; sid:2018403; rev:2;)
Added 2014-04-21 19:36:52 UTC