valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 09:25:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

rule: added Emotet UA

Browse Source 
https://twitter.com/webbthewombat/status/1225827092132179968
This commit is contained in:
Florian Roth 2020-02-08 10:37:56 +01:00
parent be9b80d6ab
commit d9645af840
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/proxy/proxy_ua_malware.yml
View File

@ -56,6 +56,8 @@ detection:
# Ursnif
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0; Win64; x64)'
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64)'
# Emotet
- 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3)' # https://twitter.com/webbthewombat/status/1225827092132179968
# Others
- '* pxyscand*'
- '* asd'