# sid:2016775 rev:2 - informational rule (classtype misc-activity): outbound HTTP POST from
# $HOME_NET to $EXTERNAL_NET whose request body contains byte patterns consistent with a
# Windows PE executable.
#
# Match logic, all on the established to_server flow:
#   1. "POST" in the HTTP method buffer (nocase).
#   2. "MZ" anywhere in http_client_body (no offset/depth, so it is not anchored to the
#      first bytes of the body).
#   3. four zero bytes anywhere after the "MZ" match (distance:0).
#   4. "PE|00 00|" anywhere after those zero bytes (distance:0); this is the fast_pattern.
#
# Triage notes:
#   - The patterns are only ordered, with no "within" bound, so any body that contains this
#     sequence matches, for example an executable inside a multipart form upload. Legitimate
#     software uploads also match; treat a hit as context to correlate with host and
#     destination, not as a verdict.
#   - Only the part of the request body that the engine inspects is searched (in Suricata,
#     bounded by the request-body-limit setting). Bodies that are encoded, compressed or
#     carried inside TLS do not expose these bytes to the rule.
#   - metadata shows created_at and updated_at both as 2013_04_18 although this is rev:2;
#     do not use updated_at to date this revision.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Generic HTTP EXE Upload Outbound"; flow:established,to_server; content:"POST"; http_method; nocase; content:"MZ"; http_client_body; content:"|00 00 00 00|"; http_client_body; distance:0; content:"PE|00 00|"; http_client_body; fast_pattern; distance:0; classtype:misc-activity; sid:2016775; rev:2; metadata:created_at 2013_04_18, updated_at 2013_04_18;)

Added 2018-09-13 19:46:49 UTC


Added 2018-09-13 17:57:34 UTC


# sid:2016775 rev:2 as recorded in the entry dated 2017-08-07 on this page; the rule text is
# the same as the rev:2 listing at the top of the page.
#
# Informational rule (classtype misc-activity): outbound HTTP POST whose request body holds,
# in order, "MZ", four zero bytes, and "PE|00 00|" (the fast_pattern). Each later pattern
# uses distance:0 with no "within", so the three only need to appear in sequence anywhere in
# http_client_body; "MZ" is not anchored to the start of the body.
#
# Because the header is "alert http ... any -> ... any", the rule is not limited to a port
# list; it applies wherever the engine identifies the traffic as HTTP.
#
# Triage notes: legitimate executable uploads match as well, so correlate with the sending
# host and destination. Request bodies that are encoded, compressed, carried inside TLS, or
# longer than the engine's inspected body size may not be matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Generic HTTP EXE Upload Outbound"; flow:established,to_server; content:"POST"; http_method; nocase; content:"MZ"; http_client_body; content:"|00 00 00 00|"; http_client_body; distance:0; content:"PE|00 00|"; http_client_body; fast_pattern; distance:0; classtype:misc-activity; sid:2016775; rev:2; metadata:created_at 2013_04_18, updated_at 2013_04_18;)

Added 2017-08-07 21:10:34 UTC


# sid:2016775 rev:1 - the original form of the rule (entry dated 2013-04-18 on this page).
#
# Same content logic as rev:2: "POST" in the HTTP method buffer, then "MZ", four zero bytes
# and "PE|00 00|" in order within http_client_body (distance:0 on the last two, with
# "PE|00 00|" as the fast_pattern).
#
# Difference from rev:2: the header is "alert tcp" with destination $HTTP_PORTS instead of
# "alert http" with destination "any". This revision therefore only considers connections
# to ports listed in $HTTP_PORTS, so HTTP uploads to other ports are outside its coverage.
# It also carries no metadata keyword.
#
# Triage notes: the patterns are unanchored and only ordered, so benign executable uploads
# and multipart bodies containing a PE file also match; treat hits as informational.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO Generic HTTP EXE Upload Outbound"; flow:established,to_server; content:"POST"; http_method; nocase; content:"MZ"; http_client_body; content:"|00 00 00 00|"; http_client_body; distance:0; content:"PE|00 00|"; http_client_body; fast_pattern; distance:0; classtype:misc-activity; sid:2016775; rev:1;)

Added 2013-04-18 23:26:21 UTC

