""ET USER_AGENTS Suspicious User-Agent (VB OpenUrl)""

SID: 2029544

Revision: 2

Class Type: bad-unknown

Metadata: attack_target Client_Endpoint, created_at 2020_02_27, deployment Perimeter, signature_severity Informational, updated_at 2020_02_27

Reference:

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

• Value: "User-Agent|3a 20|VB OpenURL|0d 0a|"

Within:

PCRE:

Special Options:

• http_header

source