alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl"; flow:to_server,established; content:".hta"; nocase; fast_pattern; http_uri; pcre:"/\.hta(?:[?&]|$)/Ui"; content:"Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b|"; http_user_agent; depth:34; content:!"Referer|3a|"; http_header; content:!"|0d 0a|Cookie|3a|"; metadata: former_category CURRENT_EVENTS; reference:md5,66a42e338e32fb6c02c9d4c56760d89d; classtype:attempted-user; sid:2024449; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, cve 2017_0199, created_at 2017_07_07, updated_at 2019_10_24;)

Added 2019-10-25 19:12:51 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl"; flow:to_server,established; content:".hta"; nocase; fast_pattern; http_uri; pcre:"/\.hta(?:[?&]|$)/Ui"; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b|"; http_header; content:!"Referer|3a|"; http_header; content:!"|0d 0a|Cookie|3a|"; metadata: former_category CURRENT_EVENTS; reference:md5,66a42e338e32fb6c02c9d4c56760d89d; classtype:attempted-user; sid:2024449; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, cve 2017_0199, created_at 2017_07_07, updated_at 2017_07_07;)

Added 2018-09-13 19:53:53 UTC


Added 2018-09-13 18:01:38 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl"; flow:to_server,established; content:".hta"; nocase; fast_pattern; http_uri; pcre:"/\.hta(?:[?&]|$)/Ui"; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b|"; http_header; content:!"Referer|3a|"; http_header; content:!"|0d 0a|Cookie|3a|"; metadata: former_category CURRENT_EVENTS; reference:md5,66a42e338e32fb6c02c9d4c56760d89d; classtype:attempted-user; sid:2024449; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, cve 2017_0199, created_at 2017_07_07, updated_at 2017_07_07;)

Added 2017-08-07 21:19:49 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl"; flow:to_server,established; content:".hta"; nocase; fast_pattern; http_uri; pcre:"/\.hta(?:[?&]|$)/Ui"; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b|"; http_header; content:!"Referer|3a|"; http_header; content:!"|0d 0a|Cookie|3a|"; reference:md5,66a42e338e32fb6c02c9d4c56760d89d; classtype:attempted-user; sid:2024449; rev:2;)

Added 2017-07-07 18:16:28 UTC


Topic revision: r1 - 2019-10-25 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats