ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

7.0.35.0SID: 2019714Rev: 13Enabled7 views
Sourceet/open
Fileemerging-malware.rules
CreatedNovember 15, 2014
UpdatedApril 21, 2024
Classificationbad-unknown
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile"; flow:established,to_server; http.uri; content:"/"; content:".exe"; distance:1; within:8; fast_pattern; endswith; pcre:"/\/[A-Z]?[a-z]{1,3}[0-9]?\.exe$/"; http.header; content:!"koggames"; http.host; content:!"download.bitdefender.com"; endswith; content:!".appspot.com"; endswith; content:!"kaspersky.com"; endswith; content:!".sophosxl.net"; endswith; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; nocase; classtype:bad-unknown; sid:2019714; rev:13; metadata:created_at 2014_11_15, performance_impact Significant, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_21;)

Metadata

created at2014_11_15
performance impactSignificant
confidenceMedium
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_21

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!