alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS probable malicious Glazunov Javascript injection"; flow:established,from_server; file_data; content:"(|22|"; distance:0; content:"|22|))|3b|"; distance:52; within:106; content:")|3b|"; within:200; fast_pattern; pcre:"/\(\x22[0-9\x3a\x3b\x3c\x3d\x3e\x3fa-k]{50,100}\x22\).{0,200}\)\x3b<\/script><\/body>/s"; flowbits:set,et.exploitkitlanding; classtype:bad-unknown; sid:2015977; rev:7; metadata:created_at 2012_12_03, updated_at 2012_12_03;)

Added 2017-08-07 21:09:37 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS probable malicious Glazunov Javascript injection"; flow:established,from_server; file_data; content:"(|22|"; distance:0; content:"|22|))|3b|"; distance:52; within:106; content:")|3b|"; within:200; fast_pattern; pcre:"/\(\x22[0-9\x3a\x3b\x3c\x3d\x3e\x3fa-k]{50,100}\x22\).{0,200}\)\x3b<\/script><\/body>/s"; flowbits:set,et.exploitkitlanding; classtype:bad-unknown; sid:2015977; rev:8;)

Added 2013-01-11 21:06:07 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS probable malicious Glazunov Javascript injection"; flow:established,from_server; file_data; content:"(|22|"; distance:0; content:"|22|))|3b|"; distance:52; within:76; content:")|3b|"; within:200; fast_pattern; pcre:"/\(\x22[0-9\x3a\x3b\x3c\x3d\x3e\x3fa-k]{50,70}\x22\).{0,200}\)\x3b<\/script><\/body>/s"; flowbits:set,et.exploitkitlanding; classtype:bad-unknown; sid:2015977; rev:6;)

Added 2012-12-03 21:50:52 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats