ET MALWARE TA577 Style Response (2023-05-15)
Sourceet/open
Fileemerging-malware.rules
CreatedSeptember 25, 2023
UpdatedApril 19, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE TA577 Style Response (2023-05-15)"; flow:established,to_client ; flowbits:isset,ET.TA557.20230515.Request ; http.stat_code; content:"200"; http.header; header_lowercase; content:"content-description|3a 20|File Transfer|0d 0a|"; fast_pattern; content:"content-disposition|3a 20|attachment|3b 20|filename|3d|"; content:"cache-control|3a 20|must|2d|revalidate|2c 20|post|2d|check|3d|0|2c 20|pre|2d|check|3d|0"; content:"content-transfer-encoding|3a 20|binary|0d 0a|"; content:"expires|3a 20|0|0d 0a|"; nocase; http.content_type; bsize:24; content:"application/octet-stream"; classtype:trojan-activity; sid:2048222; rev:2; metadata:attack_target Client_and_Server, created_at 2023_09_25, deployment Perimeter, deployment SSLDecrypt, performance_impact Moderate, confidence High, signature_severity Major, tag TA577, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_19, reviewed_at 2023_09_25; target:dest_ip;)
Metadata
attack targetClient_and_Server
created at2023_09_25
deploymentSSLDecrypt
performance impactModerate
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_19
reviewed at2023_09_25
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!