alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Possible Hex Obfuscated JavaScript? Heap Spray 0a0a0a0a"; flow:established,to_client; file_data; content:"|5C|x0a|5C|x0a|5C|x0a|5C|x0a"; nocase; reference:url,www.darkreading.com/security/vulnerabilities/221901428/index.html; classtype:shellcode-detect; sid:2013267; rev:5; metadata:created_at 2011_07_14, updated_at 2017_01_27;)

Added 2017-08-07 21:06:32 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Possible Hex Obfuscated JavaScript? Heap Spray 0a0a0a0a"; flow:established,to_client; file_data; content:"|5C|x0a|5C|x0a|5C|x0a|5C|x0a"; nocase; reference:url,www.darkreading.com/security/vulnerabilities/221901428/index.html; classtype:shellcode-detect; sid:2013267; rev:5;)

Added 2017-01-27 17:01:25 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET SHELLCODE Hex Obfuscated JavaScript? Heap Spray 0a0a0a0a"; flow:established,to_client; content:"|5C|x0a|5C|x0a|5C|x0a|5C|x0a"; nocase; fast_pattern:only; reference:url,www.darkreading.com/security/vulnerabilities/221901428/index.html; classtype:shellcode-detect; sid:2013267; rev:1;)

Added 2011-10-12 19:36:28 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET SHELLCODE Hex Obfuscated JavaScript? Heap Spray 0a0a0a0a"; flow:established,to_client; content:"|5C|x0a|5C|x0a|5C|x0a|5C|x0a"; nocase; fast_pattern:only; classtype:shellcode-detect; reference:url,www.darkreading.com/security/vulnerabilities/221901428/index.html; sid:2013267; rev:1;)

Added 2011-07-14 16:10:11 UTC

Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.

-- DigiAngel - 06 Oct 2011

I can get this to fire every time by doing a search on robtex.com

-- DigiAngel - 06 Oct 2011


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET SHELLCODE Hex Obfuscated JavaScript? Heap Spray 0a0a0a0a"; flow:established,to_client; content:"|5C|x0a|5C|x0a|5C|x0a|5C|x0a"; nocase; fast_pattern:only; classtype:shellcode-detect; reference:url,www.darkreading.com/security/vulnerabilities/221901428/index.html; sid:2013267; rev:1;)

Added 2011-07-14 15:29:40 UTC


Topic revision: r2 - 2011-10-06 - DigiAngel
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats