alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO AutoIt? User Agent Executable Request"; flow:established,to_server; content:"GET"; http_method; content:".exe"; nocase; http_uri; isdataat:!1,relative; content:"AutoIt"; http_user_agent; depth:6; isdataat:!1,relative; fast_pattern; http_header_names; content:!"Referer"; metadata: former_category INFO; classtype:trojan-activity; sid:2019935; rev:5; metadata:deployment Perimeter, tag AutoIt?, signature_severity Informational, created_at 2014_12_15, performance_impact Low, updated_at 2018_08_14;)

Added 2019-08-16 19:27:09 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO AutoIt? User Agent Executable Request"; flow:established,to_server; content:"GET"; http_method; content:".exe"; nocase; http_uri; isdataat:!1,relative; content:"AutoIt"; http_user_agent; depth:6; isdataat:!1,relative; fast_pattern; http_header_names; content:!"Referer"; metadata: former_category INFO; classtype:trojan-activity; sid:2019935; rev:5; metadata:deployment Perimeter, tag AutoIt?, signature_severity Audit, created_at 2014_12_15, performance_impact Low, updated_at 2018_08_14;)

Added 2019-06-18 18:40:50 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO AutoIt? User Agent Downloading EXE"; flow:established,to_server; content:"GET"; http_method; content:".exe"; nocase; http_uri; isdataat:!1,relative; content:"AutoIt"; http_user_agent; depth:6; isdataat:!1,relative; fast_pattern; http_header_names; content:!"Referer"; metadata: former_category TROJAN; classtype:trojan-activity; sid:2019935; rev:4; metadata:deployment Perimeter, tag AutoIt?, signature_severity Audit, created_at 2014_12_15, performance_impact Low, updated_at 2018_08_14;)

Added 2018-08-14 17:19:16 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN AutoIt? Downloading EXE - Likely Malicious"; flow:established,to_server; content:"GET"; http_method; content:".exe"; nocase; http_uri; content:"User-Agent|3a 20|AutoIt|0d 0a|"; http_header; fast_pattern; content:!"Referer|3a|"; http_header; pcre:"/\.exe$/Ui"; classtype:trojan-activity; sid:2019935; rev:2; metadata:created_at 2014_12_15, updated_at 2014_12_15;)

Added 2017-08-07 21:14:18 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN AutoIt? Downloading EXE - Likely Malicious"; flow:established,to_server; content:"GET"; http_method; content:".exe"; nocase; http_uri; content:"User-Agent|3a 20|AutoIt|0d 0a|"; http_header; fast_pattern; content:!"Referer|3a|"; http_header; pcre:"/\.exe$/Ui"; classtype:trojan-activity; sid:2019935; rev:2;)

Added 2014-12-15 19:01:35 UTC


Topic revision: r1 - 2019-08-16 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats