#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura)"; flow:established,from_server; file_data; content:"|25|6a|25|6e|25|6c|25|70|25|5f|25|65|25|6d|25|62|25|65|25|64|25|64|25|65|25|64"; flowbits:set,et.exploitkitlanding; reference:url,www.adam.com.au/bogaurd/PSYB0T.pdf; reference:url,doc.emergingthreats.net/2009172; classtype:trojan-activity; sid:2017250; rev:2; metadata:created_at 2013_07_30, cve CVE_1234_CVE_341, former_category EXPLOIT_KIT, updated_at 2020_08_31;)

Added 2021-09-21 19:58:54 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura)"; flow:established,from_server; file_data; content:"|25|6a|25|6e|25|6c|25|70|25|5f|25|65|25|6d|25|62|25|65|25|64|25|64|25|65|25|64"; flowbits:set,et.exploitkitlanding; reference:url,www.adam.com.au/bogaurd/PSYB0T.pdf; reference:url,doc.emergingthreats.net/2009172; classtype:trojan-activity; sid:2017250; rev:2; metadata:created_at 2013_07_29, cve CVE_1234_CVE_341, former_category EXPLOIT_KIT, updated_at 2020_08_31;)

Added 2021-09-10 18:31:18 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura)"; flow:established,from_server; file_data; content:"|25|6a|25|6e|25|6c|25|70|25|5f|25|65|25|6d|25|62|25|65|25|64|25|64|25|65|25|64"; flowbits:set,et.exploitkitlanding; reference:url,www.adam.com.au/bogaurd/PSYB0T.pdf; reference:url,doc.emergingthreats.net/2009172 url,foobar; classtype:trojan-activity; sid:2017250; rev:2; metadata:created_at 2013_07_29, cve CVE_1234_CVE_341, former_category EXPLOIT_KIT, updated_at 2020_08_31;)

Added 2020-08-31 18:09:20 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura)"; flow:established,from_server; file_data; content:"|25|6a|25|6e|25|6c|25|70|25|5f|25|65|25|6d|25|62|25|65|25|64|25|64|25|65|25|64"; flowbits:set,et.exploitkitlanding; reference:url,www.adam.com.au/bogaurd/PSYB0T.pdf; reference:url,doc.emergingthreats.net/2009172 url,foobar; classtype:trojan-activity; sid:2017250; rev:2; metadata:created_at 2013_07_29, cve CVE_1234_CVE_341, former_category EXPLOIT_KIT, updated_at 2013_07_29;)

Added 2020-08-05 19:09:12 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura)"; flow:established,from_server; file_data; content:"|25|6a|25|6e|25|6c|25|70|25|5f|25|65|25|6d|25|62|25|65|25|64|25|64|25|65|25|64"; flowbits:set,et.exploitkitlanding; metadata: former_category EXPLOIT_KIT; reference:url,www.adam.com.au/bogaurd/PSYB0T.pdf; reference:url,doc.emergingthreats.net/2009172 url,foobar; classtype:trojan-activity; sid:2017250; rev:2; metadata:cve CVE_1234_CVE_341, created_at 2013_07_29, updated_at 2013_07_29;)

Added 2020-06-23 00:49:35 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura)"; flow:established,from_server; file_data; content:"|25|6a|25|6e|25|6c|25|70|25|5f|25|65|25|6d|25|62|25|65|25|64|25|64|25|65|25|64"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017250; rev:2; metadata:created_at 2013_07_29, updated_at 2013_07_29;)

Added 2020-02-26 20:42:07 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura)"; flow:established,from_server; file_data; content:"|25|6a|25|6e|25|6c|25|70|25|5f|25|65|25|6d|25|62|25|65|25|64|25|64|25|65|25|64"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017250; rev:2; metadata:created_at 2013_07_29, updated_at 2013_07_29;)

Added 2018-09-13 19:47:26 UTC


Added 2018-09-13 17:57:54 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura)"; flow:established,from_server; file_data; content:"|25|6a|25|6e|25|6c|25|70|25|5f|25|65|25|6d|25|62|25|65|25|64|25|64|25|65|25|64"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017250; rev:2; metadata:created_at 2013_07_29, updated_at 2013_07_29;)

Added 2017-08-07 21:11:07 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura)"; flow:established,from_server; file_data; content:"|25|6a|25|6e|25|6c|25|70|25|5f|25|65|25|6d|25|62|25|65|25|64|25|64|25|65|25|64"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017250; rev:1;)

Added 2013-07-29 22:48:47 UTC


Topic revision: r1 - 2021-09-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats