ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Sourceet/open
Fileemerging-malware.rules
CreatedNovember 15, 2014
UpdatedApril 22, 2024
Classificationbad-unknown
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile"; flow:established,to_server ; http.uri; content:"/"; content:".exe"; distance:1; within:8; fast_pattern; endswith; pcre:"/\/[A-Z]?[a-z]{1,3}[0-9]?\.exe$/" ; http.header; content:!"koggames"; http.host; content:!"download.bitdefender.com"; endswith; content:!".appspot.com"; endswith; content:!"kaspersky.com"; endswith; content:!".sophosxl.net"; endswith; http.header_names; content:!"Referer"; nocase; classtype:bad-unknown; sid:2019714; rev:13; metadata:created_at 2014_11_15, performance_impact Significant, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_22;)
Metadata
created at2014_11_15
performance impactSignificant
confidenceMedium
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_22
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!