ET HUNTING SUSPICIOUS UA (iexplore)
Sourceet/open
Fileemerging-hunting.rules
CreatedAugust 21, 2013
UpdatedApril 13, 2024
Classificationbad-unknown
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING SUSPICIOUS UA (iexplore)"; flow:established,to_server ; http.user_agent; content:"iexplore"; startswith; fast_pattern; nocase; http.host; content:!"su.pctools.com"; content:!".advent.com"; reference:md5,b0e8ce16c42dee20d2c1dfb1b87b3afc ; classtype:bad-unknown; sid:2017365; rev:15; metadata:attack_target Client_Endpoint, created_at 2013_08_21, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence Low, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_13; target:src_ip;)
References
| md5 | b0e8ce16c42dee20d2c1dfb1b87b3afc |
Metadata
attack targetClient_Endpoint
created at2013_08_21
deploymentSSLDecrypt
performance impactLow
confidenceLow
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!