alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Possibly Suspicious Request for Putty.exe from Non-Standard Download Location"; flow:to_server,established; content:"GET"; http_method; content:"/putty.exe"; http_uri; nocase; isdataat:!1,relative; content:!"the.earth.li"; http_host; metadata: former_category INFO; classtype:bad-unknown; sid:2026570; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, deployment Perimeter, signature_severity Minor, created_at 2018_11_02, updated_at 2018_11_02;)

Added 2018-11-02 17:29:30 UTC


Topic revision: r1 - 2018-11-02 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats