ET INFO Executable served from Amazon S3
Sourceet/open
Fileemerging-info.rules
CreatedAugust 17, 2011
UpdatedApril 9, 2024
Classificationbad-unknown
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Executable served from Amazon S3"; flow:established,to_client ; http.server; content:"AmazonS3"; fast_pattern; file.data; content:"MZ"; startswith; byte_jump:4,58,relative,little ; content:"PE|00 00|"; distance:-64; within:4; reference:url,blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/ ; reference:url,www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud ; classtype:bad-unknown; sid:2013414; rev:11; metadata:created_at 2011_08_17, performance_impact Moderate, confidence High, signature_severity Informational, updated_at 2024_04_09;)
References
Metadata
created at2011_08_17
performance impactModerate
confidenceHigh
signature severityInformational
updated at2024_04_09
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!