alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO JAVA - Java Class Download By Vulnerable Client"; flow:from_server,established; flowbits:isset,ET.http.javaclient.vulnerable; content:"|0D 0A 0D 0A CA FE BA BE|"; classtype:trojan-activity; sid:2014475; rev:6; metadata:created_at 2012_04_04, updated_at 2012_04_04;)

Added 2017-08-07 21:07:53 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INFO JAVA - Java Class Download By Vulnerable Client"; flow:from_server,established; flowbits:isset,ET.http.javaclient.vulnerable; file_data; content:"|CA FE BA BE|"; within:4; classtype:trojan-activity; sid:2014475; rev:4;)

Added 2012-04-04 17:18:47 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats