ET MALWARE ASCII Executable Inside of MSCOFF File DL Over HTTP
Sourceet/open
Fileemerging-malware.rules
CreatedDecember 23, 2015
UpdatedMarch 14, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE ASCII Executable Inside of MSCOFF File DL Over HTTP"; flow:established,to_client ; flowbits:isset,et.MCOFF ; file.data; content:"|34 64 35 61|"; content:"|35 34 36 38 36 39 37 33 32 30 37 30 37 32 36 66 36 37 37 32 36 31 36 64 32 30|"; distance:38; reference:md5,f4ee917a481e1718ccc749d2d4ceaa0e ; classtype:trojan-activity; sid:2022303; rev:4; metadata:created_at 2015_12_23, confidence High, signature_severity Major, updated_at 2024_03_14;)
References
| md5 | f4ee917a481e1718ccc749d2d4ceaa0e |
Metadata
created at2015_12_23
confidenceHigh
signature severityMajor
updated at2024_03_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!