ET HUNTING Observed Suspicious Reversed String Inbound (Powershell)

7.0.35.0SID: 2036350Rev: 1Enabled0 views
Sourceet/open
Fileemerging-hunting.rules
CreatedApril 25, 2022
UpdatedApril 25, 2022
Classificationbad-unknown
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING Observed Suspicious Reversed String Inbound (Powershell)"; flow:established,to_client; http.stat_code; content:"200"; file.data; content:"llehSrewoP"; nocase; classtype:bad-unknown; sid:2036350; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_04_25, deployment Perimeter, confidence Medium, signature_severity Informational, updated_at 2022_04_25;)

Metadata

attack targetClient_Endpoint
created at2022_04_25
deploymentPerimeter
confidenceMedium
signature severityInformational
updated at2022_04_25

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!