alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Maldoc Downloading EXE Jul 26 2016"; flow:established,to_server;content:!".exe"; http_uri; nocase; pcre:"/\/(?:[a-z0-9]+_){4,}[a-z0-9]+(?:\/[a-f0-9]+)*?\/[a-f0-9]+\.(?![Ee][Xx][Ee])[a-z0-9]+$/U"; content:"|3a 20|Microsoft BITS"; http_header; fast_pattern:only; content:!".microsoft.com|0d 0a|"; http_header; nocase; metadata: former_category CURRENT_EVENTS; reference:md5,82fb5101847e734dd9b36f51f1fc73e3; classtype:trojan-activity; sid:2022983; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag MalDoc?, signature_severity Major, created_at 2016_07_26, malware_family MalDocGeneric?, performance_impact Low, updated_at 2016_08_10;)

Added 2019-09-10 20:12:54 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Maldoc Downloading EXE Jul 26 2016"; flow:established,to_server;content:!".exe"; http_uri; nocase; pcre:"/\/(?:[a-z0-9]+_){4,}[a-z0-9]+(?:\/[a-f0-9]+)*?\/[a-f0-9]+\.(?![Ee][Xx][Ee])[a-z0-9]+$/U"; content:"|3a 20|Microsoft BITS"; http_header; fast_pattern:only; content:!".microsoft.com|0d 0a|"; http_header; nocase; reference:md5,82fb5101847e734dd9b36f51f1fc73e3; classtype:trojan-activity; sid:2022983; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag MalDoc?, signature_severity Major, created_at 2016_07_26, malware_family MalDocGeneric?, performance_impact Low, updated_at 2016_08_10;)

Added 2017-08-07 21:18:00 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Maldoc Downloading EXE Jul 26 2016"; flow:established,to_server;content:!".exe"; http_uri; nocase; pcre:"/\/(?:[a-z0-9]+_){4,}[a-z0-9]+(?:\/[a-f0-9]+)*?\/[a-f0-9]+\.(?![Ee][Xx][Ee])[a-z0-9]+$/U"; content:"|3a 20|Microsoft BITS"; http_header; fast_pattern:only; content:!".microsoft.com|0d 0a|"; http_header; nocase; reference:md5,82fb5101847e734dd9b36f51f1fc73e3; classtype:trojan-activity; sid:2022983; rev:3;)

Added 2016-08-10 17:26:07 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Maldoc Downloading EXE Jul 26 2016"; flow:established,to_server;content:!".exe"; http_uri; nocase; pcre:"/\/(?:[a-z0-9]+_){4,}[a-z0-9]+(?:\/[a-f0-9]+)*?\/[a-f0-9]+\.(?![Ee][Xx][Ee])[a-z0-9]+$/U"; content:"|3a 20|Microsoft BITS"; http_header; fast_pattern:only; reference:md5,82fb5101847e734dd9b36f51f1fc73e3; classtype:trojan-activity; sid:2022983; rev:2;)

Added 2016-07-26 18:52:00 UTC


Topic revision: r1 - 2019-09-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats