Description
- This signature alerts on an unencrypted HTTP (port 80) GET request that involves an executable file (exe|zip|7z|rar|com|vbs|ps1) with the keywords Financial, Payment, or Invoice. It monitors for a likely compromised site attempting to pass off a malicious executable disguised as an invoice.
Vector
- Port 80 HTTP
User-Agent
- N/A
Known False Positive Indicators
- Some county bail sites that allow checking bail payment amounts will falsely trip this alert.
Affected Host
- Any
Classification
- Malware
Sentinel Signature
- TROJAN Possible Malicious Invoice EXE
DNS Calls
- N/A
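Example
- The matching criteria from the Description, written out as an added Python example; this is not the Sentinel signature's own rule text. It assumes the extension is read from the file name in the URI path and that a keyword may appear anywhere in the path. The request records and host names are constructed.

```python
from urllib.parse import urlsplit, unquote

# Extension and keyword lists come from the signature description.
EXTENSIONS = {"exe", "zip", "7z", "rar", "com", "vbs", "ps1"}
KEYWORDS = ("financial", "payment", "invoice")


def matches_invoice_exe(method, dst_port, uri):
    """True when a request meets the described criteria (approximation)."""
    if method.upper() != "GET" or dst_port != 80:
        return False
    # Decode %xx escapes so "Inv%6Fice.exe" is compared as "invoice.exe".
    path = unquote(urlsplit(uri).path).lower()
    filename = path.rsplit("/", 1)[-1]
    if "." not in filename:
        return False
    if filename.rsplit(".", 1)[-1] not in EXTENSIONS:
        return False
    # Assumption: the keyword may sit anywhere in the path, not only the file name.
    return any(word in path for word in KEYWORDS)


# Constructed sample records: (method, destination port, host, URI).
SAMPLE_REQUESTS = [
    ("GET", 80, "shop.example", "/docs/Invoice_2291.exe"),
    ("GET", 80, "cdn.example", "/files/Payment-Details.ZIP?id=7"),
    ("GET", 80, "cdn.example", "/files/Inv%6Fice.ps1"),
    ("GET", 80, "shop.example", "/img/invoice-banner.png"),
    ("POST", 80, "shop.example", "/upload/invoice.exe"),
    ("GET", 8080, "shop.example", "/docs/invoice.exe"),
    # Benign request shaped like the bail-payment false positive noted above.
    ("GET", 80, "bail.county.example", "/bail/payment/receipt.zip"),
]


def scan(requests):
    """Return (host, uri) for every record that would raise the alert."""
    return [(host, uri) for method, port, host, uri in requests
            if matches_invoice_exe(method, port, uri)]


if __name__ == "__main__":
    for host, uri in scan(SAMPLE_REQUESTS):
        print(f"ALERT TROJAN Possible Malicious Invoice EXE  {host}{uri}")
```

Four of the seven constructed records match. The last match is benign by construction, so the destination host needs checking against the known false positive indicators during triage.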