alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible exploitation of CVE-2012-5076 by an exploit kit Nov 13 2012"; flow:from_server,established; file_data; content:"<object"; content:"0b0909041f"; distance:0; fast_pattern; content:"3131"; distance:0; classtype:trojan-activity; sid:2015887; rev:5;)

Added 2014-09-19 17:22:45 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible exploitation of CVE-2012-5076 by an exploit kit Nov 13 2012"; flow:from_server,established; file_data; content:"<object"; content:"0b0909041f"; distance:0; fast_pattern; content:"3131"; distance:0; classtype:trojan-activity; sid:2015887; rev:3;)

Added 2012-12-03 21:50:52 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible exploitation of CVE-2012-5076 by an exploit kit Nov 13 2012"; flow:from_server,established; file_data; content:"zxoopw51ebitb"; content:"0b0909041f"; distance:0; fast_pattern; content:"3131"; distance:0; classtype:trojan-activity; sid:2015887; rev:2;)

Added 2012-11-23 18:58:54 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible exploitation of CVE-2012-5076 by an exploit kit Nov 13 2012"; flow:from_server,established; file_data; content:"bagdfssdb"; content:"0b0909041f"; distance:0; fast_pattern; content:"3131"; distance:0; classtype:trojan-activity; sid:2015887; rev:1;)

Added 2012-11-13 23:42:02 UTC


Topic revision: r1 - 2014-09-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats