ET HUNTING PDF embedded in XDP file (Possibly Malicious)

7.0.35.0SID: 2014926Rev: 5Disabled1 views
Sourceet/open
Fileemerging-hunting.rules
CreatedJune 20, 2012
UpdatedApril 8, 2024
Classificationbad-unknown
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING PDF embedded in XDP file (Possibly Malicious)"; flow:established,to_client; file.data; content:"<xdp|3a|xdp"; nocase; fast_pattern; content:"<pdf"; nocase; distance:0; pcre:"/\<xdp\x3axdp(\s+[^\>]*)?\>((?!\<\/xdp[^\>]*\>).)*?\<pdf/si"; reference:url,web.archive.org/web/20210417150956/http://blog.9bplus.com/av-bypass-for-malicious-pdfs-using-xdp/; classtype:bad-unknown; sid:2014926; rev:5; metadata:affected_product Adobe_Reader, attack_target Client_Endpoint, created_at 2012_06_20, deployment Perimeter, deprecation_reason Age, confidence Low, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_08;)

Metadata

affected productAdobe_Reader
attack targetClient_Endpoint
created at2012_06_20
deploymentPerimeter
deprecation reasonAge
confidenceLow
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_08

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!