file_id (msg:"multimedia playlists"; file_meta:type PLS, id 116, category "Multimedia"; file_data; content:"| 5b 70 6c 61 79 6c 69 73 74 5d |", depth 10, offset 0; gid:4; sid:107; rev:1;)
file_id (msg:"Synchronized Multimedia Integration Language"; file_meta:type SMIL, id 117, category "Multimedia"; file_data; content:"| 3c 73 6d 69 6c 3e |", depth 6, offset 0; gid:4; sid:108; rev:1;)
file_id (msg:"Synchronized Accessible Media Interchange"; file_meta:type SAMI, id 119, category "Multimedia"; file_data; content:"| 3c 53 41 4d 49 |", depth 5, offset 0; gid:4; sid:109; rev:1;)
-file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (DOCX, PPTX, XLSX)"; file_meta:type NEW_OFFICE, id 120, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 14 00 06 00 |", depth 8, offset 0; gid:4; sid:110; rev:1;)
file_id (msg:"Autodesk AutoCAD file (dwg) "; file_meta:type DWG, id 130, category "Graphics"; file_data; content:"| 41 43 31 30 |", depth 4, offset 0; gid:4; sid:111; rev:1;)
file_id (msg:"Microsoft Document Imaging file (mdi)"; file_meta:type MDI, id 132, category "Office Documents"; file_data; content:"| 45 50 |", depth 2, offset 0; gid:4; sid:112; rev:1;)
file_id (msg:"PGP disk image(PGD)"; file_meta:type PGD, id 133, category "System files"; file_data; content:"| 50 47 50 64 4D 41 49 4E |", depth 8, offset 0; gid:4; sid:113; rev:1;)
file_id (msg:"Flash file"; file_meta:type SWF, id 324, category "Multimedia"; file_data; content:"| 5A 57 53 |", depth 3, offset 0; gid:4; sid:201; rev:1;)
file_id (msg:"Packet capture file"; file_meta:type PCAP, id 325, category "System files"; file_data; content:"| 0A 0D 0D 0A |", depth 4, offset 0; gid:4; sid:202; rev:1;)
file_id (msg:"Flash file "; file_meta:type SWF, id 54, category "Multimedia"; file_data; content:"| 58 46 49 52 |", depth 4, offset 0; gid:4; sid:203; rev:1;)
+file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (PPTX)"; file_meta:type PPTX, id 326, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 70 70 74 2f |", depth 4, offset 30; gid:4; sid:204; rev:1;)
+file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (DOCX)"; file_meta:type DOCX, id 327, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 77 6f 72 64 2f |", depth 5, offset 30; gid:4; sid:205; rev:1;)
+file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (XLSX)"; file_meta:type XLSX, id 328, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 78 6c 2f |", depth 3, offset 30; gid:4; sid:206; rev:1;)
+file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (DOCX, PPTX, XLSX)"; file_meta:type NEW_OFFICE, id 329, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e |", depth 16, offset 30; gid:4; sid:207; rev:1;)
+file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (DOCX, PPTX, XLSX)"; file_meta:type NEW_OFFICE, id 330, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 5f 72 65 6c 73 2f |", depth 6, offset 30; gid:4; sid:208; rev:1;)
+file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (DOCX, PPTX, XLSX)"; file_meta:type NEW_OFFICE, id 331, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 64 6f 63 50 72 6f 70 73 2f |", depth 9, offset 30; gid:4; sid:209; rev:1;)
\ No newline at end of file
projects / thirdparty / snort3.git / commitdiff
