# sid 2022966 rev 2 (newest copy on this page): alerts on established HTTP traffic
# from $EXTERNAL_NET to $HOME_NET whose header buffer contains ".xla" (nocase) and
# a Content-Disposition header line naming a file that ends in ".xla".
# The pcre requires whitespace, a double quote or a single quote right after ".xla"
# (H = match in the HTTP header buffer, i = case-insensitive), so ".xlam" and a
# filename followed directly by ";" do not match.
# This copy differs from the older copies below only by the added
# "former_category INFO" metadata; rev and updated_at were left unchanged.
# NOTE(review): flow:to_server together with $EXTERNAL_NET -> $HOME_NET restricts
# inspection to requests sent by external clients to internal servers, so the
# header buffer here is the request header. A file served to an internal client
# carries Content-Disposition in the response; confirm whether flow:to_client was
# intended, since the msg describes a download.
# Triage: classtype is bad-unknown and the category is INFO, so a hit means "an
# Excel add-in was transferred", not "malicious"; check the serving host and the
# file itself before escalating.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO SUSPICIOUS Excel Add-in Download M2"; flow:to_server,established; content:".xla"; nocase; http_header; pcre:"/Content-Disposition\x3a[^\r\n]*?\.xla[\s\x22\x27]/Hi"; metadata: former_category INFO; reference:url,blogs.mcafee.com/mcafee-labs/patch-now-simple-office-protected-view-bypass-could-have-big-impact/; classtype:bad-unknown; sid:2022966; rev:2; metadata:created_at 2016_07_13, updated_at 2016_07_13;)

Added 2019-10-09 19:08:54 UTC


# Older stored copy of sid 2022966 rev 2 (timestamp on the "Added" line below).
# Same match as the newest copy: ".xla" in the HTTP header buffer plus a
# Content-Disposition line whose filename ends in ".xla" before whitespace or a quote.
# Carries created_at/updated_at metadata but no former_category.
# NOTE(review): uses flow:to_server with $EXTERNAL_NET -> $HOME_NET, i.e. it inspects
# inbound request headers; confirm that direction matches the "Download" intent.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO SUSPICIOUS Excel Add-in Download M2"; flow:to_server,established; content:".xla"; nocase; http_header; pcre:"/Content-Disposition\x3a[^\r\n]*?\.xla[\s\x22\x27]/Hi"; reference:url,blogs.mcafee.com/mcafee-labs/patch-now-simple-office-protected-view-bypass-could-have-big-impact/; classtype:bad-unknown; sid:2022966; rev:2; metadata:created_at 2016_07_13, updated_at 2016_07_13;)

Added 2018-09-13 19:52:43 UTC


Added 2018-09-13 18:01:00 UTC


# Older stored copy of sid 2022966 rev 2 (timestamp on the "Added" line below).
# Text is identical to the copy stored in 2018: header-buffer content ".xla" (nocase)
# confirmed by a Content-Disposition pcre, with created_at/updated_at metadata.
# This is the first copy on the page that carries the created_at/updated_at tags;
# the detection options themselves did not change, and rev stayed at 2.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO SUSPICIOUS Excel Add-in Download M2"; flow:to_server,established; content:".xla"; nocase; http_header; pcre:"/Content-Disposition\x3a[^\r\n]*?\.xla[\s\x22\x27]/Hi"; reference:url,blogs.mcafee.com/mcafee-labs/patch-now-simple-office-protected-view-bypass-could-have-big-impact/; classtype:bad-unknown; sid:2022966; rev:2; metadata:created_at 2016_07_13, updated_at 2016_07_13;)

Added 2017-08-07 21:17:59 UTC


# Oldest stored copy of sid 2022966 rev 2 (timestamp on the "Added" line below).
# Has no metadata keyword at all; header, flow, content, pcre, reference and
# classtype are the same as in every later copy on this page.
# The reference URL points to a McAfee Labs post about an Office Protected View
# bypass, which is the context for flagging Excel add-in (.xla) transfers.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO SUSPICIOUS Excel Add-in Download M2"; flow:to_server,established; content:".xla"; nocase; http_header; pcre:"/Content-Disposition\x3a[^\r\n]*?\.xla[\s\x22\x27]/Hi"; reference:url,blogs.mcafee.com/mcafee-labs/patch-now-simple-office-protected-view-bypass-could-have-big-impact/; classtype:bad-unknown; sid:2022966; rev:2;)

Added 2016-07-13 19:53:29 UTC

