ET HUNTING Observed Interesting Content-Type Inbound (application/x-sh)
Sourceet/open
Fileemerging-hunting.rules
CreatedMarch 2, 2021
UpdatedApril 15, 2024
Classificationpolicy-violation
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING Observed Interesting Content-Type Inbound (application/x-sh)"; flow:established,to_client ; http.content_type; content:"application/x-sh"; startswith; fast_pattern; pcre:"/^(?:\x3b|$)/R" ; reference:url,developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types ; classtype:policy-violation; sid:2031747; rev:4; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2021_03_02, deployment Perimeter, performance_impact Significant, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_15;)
Metadata
affected productAny
attack targetClient_Endpoint
created at2021_03_02
deploymentPerimeter
performance impactSignificant
confidenceMedium
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_15
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!