# SID 2022262, rev 3: flowbit setter; it never raises an alert by itself.
# Matches a client request on an established HTTP flow from $HOME_NET to $EXTERNAL_NET where:
#   - the method is GET and the URI contains ".jpg" (case-sensitive, not anchored to the end of the URI)
#   - the header buffer contains no "Referer:" string
#   - the header buffer contains, as one contiguous run in this exact order and casing,
#     "Accept: */*" CRLF "Accept-Language: en-us" CRLF "Range: "
#   - the header buffer contains "MSIE 7.0; Windows NT" (chosen as the fast_pattern)
# On a match it sets flowbit ET.vba-jpg-dl; flowbits:noalert suppresses the alert.
# NOTE(review): the rule that tests ET.vba-jpg-dl is not shown on this page; disabling this SID
# would presumably stop that rule from firing. Confirm before tuning it out.
# NOTE(review): no nocase is used, so a client sending the same headers in another order or
# casing, or a ".JPG" URI, does not match.
# Metadata: created_at reads 2015_12_15 here, while the older snapshots on this page read
# 2015_12_14; sid and rev are unchanged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO possible .jpg download by VBA macro"; flow:established,to_server; content:"GET"; http_method; content:".jpg"; http_uri; content:!"Referer|3A|"; http_header; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|en-us|0d 0a|Range|3a 20|"; http_header; content:"MSIE 7.0|3b| Windows NT"; fast_pattern; http_header; flowbits:set,ET.vba-jpg-dl; flowbits:noalert; classtype:trojan-activity; sid:2022262; rev:3; metadata:created_at 2015_12_15, updated_at 2020_06_10;)

Added 2021-09-21 20:00:27 UTC


# SID 2022262, rev 3 (metadata: created_at 2015_12_14, updated_at 2020_06_10).
# Setter rule: on a match it sets flowbit ET.vba-jpg-dl, and flowbits:noalert keeps it silent.
# Match conditions, all on an established to_server HTTP flow from $HOME_NET to $EXTERNAL_NET:
#   - GET method; URI contains ".jpg" (case-sensitive substring, no position constraint)
#   - header buffer has no "Referer:" string
#   - header buffer has the contiguous run "Accept: */*" CRLF "Accept-Language: en-us" CRLF "Range: "
#   - header buffer has "MSIE 7.0; Windows NT" (fast_pattern)
# NOTE(review): the consumer of ET.vba-jpg-dl is not on this page; treat this SID as a
# dependency of that rule when enabling or disabling. Verify against the ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO possible .jpg download by VBA macro"; flow:established,to_server; content:"GET"; http_method; content:".jpg"; http_uri; content:!"Referer|3A|"; http_header; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|en-us|0d 0a|Range|3a 20|"; http_header; content:"MSIE 7.0|3b| Windows NT"; fast_pattern; http_header; flowbits:set,ET.vba-jpg-dl; flowbits:noalert; classtype:trojan-activity; sid:2022262; rev:3; metadata:created_at 2015_12_14, updated_at 2020_06_10;)

Added 2020-06-10 18:27:10 UTC


# SID 2022262, rev 3 (metadata: created_at 2015_12_14, updated_at 2015_12_14).
# Silent flowbit setter: flowbits:set,ET.vba-jpg-dl followed by flowbits:noalert.
# Requires an established client-to-server HTTP flow leaving $HOME_NET with:
#   - method GET and ".jpg" somewhere in the URI (case-sensitive)
#   - no "Referer:" in the header buffer
#   - "Accept: */*" CRLF "Accept-Language: en-us" CRLF "Range: " as one literal header run
#   - "MSIE 7.0; Windows NT" in the header buffer (fast_pattern)
# NOTE(review): the rule that reads ET.vba-jpg-dl is not shown here; its detection presumably
# depends on this SID staying enabled. Confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO possible .jpg download by VBA macro"; flow:established,to_server; content:"GET"; http_method; content:".jpg"; http_uri; content:!"Referer|3A|"; http_header; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|en-us|0d 0a|Range|3a 20|"; http_header; content:"MSIE 7.0|3b| Windows NT"; fast_pattern; http_header; flowbits:set,ET.vba-jpg-dl; flowbits:noalert; classtype:trojan-activity; sid:2022262; rev:3; metadata:created_at 2015_12_14, updated_at 2015_12_14;)

Added 2018-09-13 19:52:04 UTC


Added 2018-09-13 18:00:36 UTC


# SID 2022262, rev 3 (metadata: created_at 2015_12_14, updated_at 2015_12_14).
# Marks a flow rather than alerting: sets ET.vba-jpg-dl, and flowbits:noalert suppresses output.
# Conditions on the outbound request ($HOME_NET -> $EXTERNAL_NET, established, to_server):
#   - GET with ".jpg" in the URI; the match is a case-sensitive substring, so it is not
#     limited to a trailing file extension
#   - "Referer:" absent from the header buffer
#   - literal header run "Accept: */*" CRLF "Accept-Language: en-us" CRLF "Range: "
#   - "MSIE 7.0; Windows NT" present in the header buffer (fast_pattern)
# NOTE(review): the flowbit is only useful to a rule that checks it, and none appears on this
# page. Verify the dependent SID before changing this one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO possible .jpg download by VBA macro"; flow:established,to_server; content:"GET"; http_method; content:".jpg"; http_uri; content:!"Referer|3A|"; http_header; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|en-us|0d 0a|Range|3a 20|"; http_header; content:"MSIE 7.0|3b| Windows NT"; fast_pattern; http_header; flowbits:set,ET.vba-jpg-dl; flowbits:noalert; classtype:trojan-activity; sid:2022262; rev:3; metadata:created_at 2015_12_14, updated_at 2015_12_14;)

Added 2017-08-07 21:17:07 UTC


# SID 2022262, rev 3; this snapshot carries no metadata keyword.
# Flowbit setter with flowbits:noalert: a match sets ET.vba-jpg-dl and produces no alert.
# Matches an established to_server HTTP request from $HOME_NET to $EXTERNAL_NET that has:
#   - method GET and ".jpg" in the URI (case-sensitive, unanchored)
#   - no "Referer:" string in the header buffer
#   - the contiguous header text "Accept: */*" CRLF "Accept-Language: en-us" CRLF "Range: "
#   - "MSIE 7.0; Windows NT" in the header buffer, used as the fast_pattern
# NOTE(review): a rule testing ET.vba-jpg-dl is presumably shipped alongside this one but is
# not visible here. Confirm before disabling this SID.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO possible .jpg download by VBA macro"; flow:established,to_server; content:"GET"; http_method; content:".jpg"; http_uri; content:!"Referer|3A|"; http_header; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|en-us|0d 0a|Range|3a 20|"; http_header; content:"MSIE 7.0|3b| Windows NT"; fast_pattern; http_header; flowbits:set,ET.vba-jpg-dl; flowbits:noalert; classtype:trojan-activity; sid:2022262; rev:3;)

Added 2015-12-14 17:46:34 UTC

