# sid 2019696, rev 3. Heuristic rule: alerts on an established, client-to-server HTTP
# request from $HOME_NET to $EXTERNAL_NET whose URI ends in "/bin.exe" and that carries
# no Referer header.
#   content:"/bin.exe"; http_uri; fast_pattern; isdataat:!1,relative
#       -> the match must be the last thing in the URI buffer (no byte may follow it).
#   http_header_names; content:!"Referer"
#       -> negated match against the header-names buffer.
# The rule keys on a generic file name and a missing header, not on the downloaded
# content, and the msg itself says "Possible ... ?". Treat a hit as a triage lead
# (what did the server return, what on the host issued the request), not as confirmation.
# NOTE(review): the msg prefix here is "ET TROJAN", while the other rev:3 entries on this
# page say "ET CURRENT_EVENTS"; sid and rev are identical, so tooling keyed on sid:rev
# will not notice the rename.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible MalDoc? Payload Download Nov 11 2014"; flow:established,to_server; content:"/bin.exe"; http_uri; fast_pattern; isdataat:!1,relative; http_header_names; content:!"Referer"; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2019696; rev:3; metadata:created_at 2014_11_11, updated_at 2018_08_23;)

Added 2019-09-10 20:12:52 UTC


# sid 2019696, rev 3, published under the "ET CURRENT_EVENTS" msg prefix (the
# former_category metadata also reads CURRENT_EVENTS).
# Detection logic: established client-to-server HTTP request, $HOME_NET -> $EXTERNAL_NET,
# URI buffer ends with "/bin.exe" (content + isdataat:!1,relative), and the header-names
# buffer does not contain "Referer".
# Low-specificity heuristic ("Possible ... ?" in msg): corroborate with the response
# content and host telemetry before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible MalDoc? Payload Download Nov 11 2014"; flow:established,to_server; content:"/bin.exe"; http_uri; fast_pattern; isdataat:!1,relative; http_header_names; content:!"Referer"; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2019696; rev:3; metadata:created_at 2014_11_11, updated_at 2018_08_23;)

Added 2018-09-13 19:49:48 UTC


Added 2018-09-13 17:59:17 UTC


# sid 2019696, rev 3 (updated_at 2018_08_23). Compared with the rev 2 entries on this page:
#   - the pcre end-of-URI anchor is replaced by isdataat:!1,relative after the
#     "/bin.exe" http_uri content match;
#   - the Referer check moves from content:!"Referer|3a|"; http_header to a negated
#     match in the http_header_names buffer;
#   - the msg no longer names a specific campaign ("Possible MalDoc? Payload Download").
# Still a name-and-header heuristic, so expect it to need corroboration during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible MalDoc? Payload Download Nov 11 2014"; flow:established,to_server; content:"/bin.exe"; http_uri; fast_pattern; isdataat:!1,relative; http_header_names; content:!"Referer"; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2019696; rev:3; metadata:created_at 2014_11_11, updated_at 2018_08_23;)

Added 2018-08-23 18:13:08 UTC


# sid 2019696, rev 2, with created_at/updated_at metadata (both 2014_11_11) appended.
# Detection logic: established client-to-server HTTP request, $HOME_NET -> $EXTERNAL_NET:
#   content:"/bin.exe"; http_uri; fast_pattern:only  -> prefilter pattern on the URI;
#   pcre:"/\/bin\.exe$/U"                            -> "/bin.exe" must end the normalized URI;
#   content:!"Referer|3a|"; http_header              -> no "Referer:" in the header buffer
#                                                       (|3a| is the hex byte for ':').
# The msg attributes the pattern to a Dridex campaign dated Nov 11 2014; nothing in the
# rule body is specific to that family, so a hit on its own does not identify the malware.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Dridex Campaign Download Nov 11 2014"; flow:established,to_server; content:"/bin.exe"; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/\/bin\.exe$/U"; classtype:trojan-activity; sid:2019696; rev:2; metadata:created_at 2014_11_11, updated_at 2014_11_11;)

Added 2017-08-07 21:14:00 UTC


# sid 2019696, rev 2, in the form without a metadata keyword.
# Alerts on an established client-to-server HTTP request from $HOME_NET to $EXTERNAL_NET
# where the normalized URI ends in "/bin.exe" (content used as fast_pattern:only, end
# anchor enforced by the /U pcre) and the header buffer has no "Referer:" (|3a| = ':').
# Generic name-and-header heuristic tied by its msg to a Nov 11 2014 campaign; validate
# hits against the response body and host activity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Dridex Campaign Download Nov 11 2014"; flow:established,to_server; content:"/bin.exe"; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/\/bin\.exe$/U"; classtype:trojan-activity; sid:2019696; rev:2;)

Added 2014-11-11 17:07:29 UTC

