alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS JavaScript? Obfuscation JSXX Script"; flow:established,to_client; file_data; content:"Encrypt "; content:"JSXX"; fast_pattern; distance:0; content:"VIP"; within:100; reference:cve,2012-0003; reference:url,eromang.zataz.com/2012/10/22/gong-da-gondad-exploit-pack-evolutions/; classtype:attempted-user; sid:2014155; rev:4;)

Added 2012-10-22 20:58:51 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Microsoft Windows Media component specific exploit - SET"; flow:established,to_client; file_data; content:"Encrypt By Dadong|27|s JS"; distance:0; flowbits:set,et.cve-2012-0003_spec; flowbits:noalert; reference:cve,2012-0003; classtype:attempted-user; sid:2014155; rev:1;)

Added 2012-01-27 18:12:10 UTC


Topic revision: r1 - 2012-10-23 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats