#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Windows executable sent when remote host claims to send an image M2"; flow: established,from_server; http_content_type; content:"image/jpeg"; depth:10; isdataat:!1,relative; file_data; content:"MZ"; within:2; content:"!This program"; distance:0; fast_pattern; metadata: former_category MALWARE; classtype:trojan-activity; sid:2020757; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2015_03_26, performance_impact Low, updated_at 2017_12_21;)

Added 2018-09-13 19:50:51 UTC


Added 2018-09-13 17:59:52 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Windows executable sent when remote host claims to send an image M2"; flow: established,from_server; http_content_type; content:"image/jpeg"; depth:10; isdataat:!1,relative; file_data; content:"MZ"; within:2; content:"!This program"; distance:0; fast_pattern; metadata: former_category MALWARE; classtype:trojan-activity; sid:2020757; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2015_03_26, performance_impact Low, updated_at 2017_12_21;)

Added 2017-12-21 16:30:38 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Windows executable sent when remote host claims to send an image 2"; flow: established,from_server; content:"|0d 0a|Content-Type|3a| image/jpeg"; http_header; file_data; content:"MZ"; within:2; content:"!This program"; distance:0; fast_pattern; classtype:trojan-activity; sid:2020757; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2015_03_26, performance_impact Low, updated_at 2017_01_19;)

Added 2017-08-07 21:15:19 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Windows executable sent when remote host claims to send an image 2"; flow: established,from_server; content:"|0d 0a|Content-Type|3a| image/jpeg"; http_header; file_data; content:"MZ"; within:2; content:"!This program"; distance:0; fast_pattern; classtype:trojan-activity; sid:2020757; rev:3;)

Added 2017-01-19 18:06:51 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Windows executable sent when remote host claims to send an image 2"; flow: established,from_server; content:"|0d 0a|Content-Type|3a| image/jpeg|0d 0a 0d 0a|MZ"; fast_pattern:12,20; classtype:trojan-activity; sid:2020757; rev:2;)

Added 2015-03-26 19:37:32 UTC


Topic revision: r1 - 2018-09-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats