"ET WEB_CLIENT SocEng Fake Font Download Template Nov 14 2017"
SID: 2024985
Revision: 1
Class Type: trojan-activity
Metadata: affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2017_11_14, deployment Perimeter, malware_family SocEng, performance_impact Low, signature_severity Major, updated_at 2017_11_14
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
- Value: "|63 6c 69 63 6b 5f 75 70 64|"
- Value: "|46 6f 6e 74 20 50 61 63 6b|"
- Value: "|2e 6a 73 20 66 69 6c 65 20 74 6f 20 73 74 61 72 74 20 74 68 65 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 20 70 72 6f 63 65 73 73 2e|"
Within:
PCRE:
Special Options:
- file_data
- nocase
- nocase
- nocase