FILE-OTHER -- Snort detected traffic targeting vulnerabilities in a file type that does not require enough rule coverage to have its own category.
FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt
An attacker can specify an incorrect Content-Type when sending a malicious file and cause several antivirus products to misidentify the file type during scans.
This rule triggers on attempt to evade detection in several Antivirus products by incorrectly specifying the file type being scanned.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
No rule groups
N/A
Not Applicable
CVE-2005-3370 |
Loading description
|
CVE-2005-3371 |
Loading description
|
CVE-2005-3372 |
Loading description
|
CVE-2005-3373 |
Loading description
|
CVE-2005-3374 |
Loading description
|
CVE-2005-3375 |
Loading description
|
CVE-2005-3376 |
Loading description
|
CVE-2005-3377 |
Loading description
|
CVE-2005-3378 |
Loading description
|
CVE-2005-3379 |
Loading description
|
CVE-2005-3380 |
Loading description
|
CVE-2005-3381 |
Loading description
|
CVE-2005-3382 |
Loading description
|
Tactic: Defense Evasion
Technique: Obfuscated Files or Information
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
