EmergingThreats> Main Web>2029112 (2019-12-12, TWikiGuest) EditAttach

Added 2019-12-11 19:21:46 UTC

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Suspicious VBS Encoding Observed in Unknown EK"; flow:established,to_client; http_content_type; content:"application/octet-stream"; file_data; content:"Execute chr("; depth:12; fast_pattern; pcre:"/^-?\d+[/+]/R"; content:"CLng(&H"; within:7; pcre:"/^[A-F0-9]+/R"; content:"))&chr("; within:7; content:"CLng(&H"; distance:0; content:"))&chr("; distance:0; content:"CLng(&H"; distance:0; content:"))&chr("; distance:0; content:"CLng(&H"; distance:0; content:"))&chr("; distance:0; content:"CLng(&H"; distance:0; content:"))&chr("; distance:0; content:"CLng(&H"; distance:0; content:"))&chr("; distance:0; content:"CLng(&H"; distance:0; content:"))&chr("; distance:0; classtype:bad-unknown; sid:2029112; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_12_11, updated_at 2019_12_11;)

Added 2019-12-11 18:42:44 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2019-12-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats