alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Obfuscation Technique Used in CVE-2014-0322 Attacks"; flow:established,from_server; file_data; content:"|2f|%u([0-9a-fA-F]{1,4}"; nocase; fast_pattern; content:"decode"; nocase; pcre:"/^\s*?\(\s*?key\s*?,\s*?js\s*?/Rsi"; content:"decode"; nocase; pcre:"/^\s*?\(\s*?[^,\s]*?\s*?,\s*?[\x22\x27][a-f0-9]{100}/Rsi"; classtype:trojan-activity; sid:2018179; rev:5; metadata:created_at 2014_02_25, former_category CURRENT_EVENTS, updated_at 2019_10_07;)

Added 2020-11-23 17:30:14 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Obfuscation Technique Used in CVE-2014-0322 Attacks"; flow:established,from_server; file_data; content:"|2f|%u([0-9a-fA-F]{1,4}"; nocase; fast_pattern:only; content:"decode"; nocase; pcre:"/^\s*?\(\s*?key\s*?,\s*?js\s*?/Rsi"; content:"decode"; nocase; pcre:"/^\s*?\(\s*?[^,\s]*?\s*?,\s*?[\x22\x27][a-f0-9]{100}/Rsi"; classtype:trojan-activity; sid:2018179; rev:4; metadata:created_at 2014_02_25, updated_at 2019_10_07;)

Added 2019-10-07 19:58:42 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Obfuscation Technique Used in CVE-2014-0322 Attacks"; flow:established,from_server; file_data; content:"|2f|%u([0-9a-fA-F]{1,4}"; nocase; fast_pattern:only; content:"decode"; nocase; pcre:"/^\s*?\(\s*?key\s*?,\s*?js\s*?/Rsi"; content:"decode"; nocase; pcre:"/^\s*?\(\s*?[^,\s]*?\s*?,\s*?[\x22\x27][a-f0-9]{100}/Rsi"; classtype:trojan-activity; sid:2018179; rev:4; metadata:created_at 2014_02_25, updated_at 2014_02_25;)

Added 2018-09-13 19:48:29 UTC


Added 2018-09-13 17:58:28 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Obfuscation Technique Used in CVE-2014-0322 Attacks"; flow:established,from_server; file_data; content:"|2f|%u([0-9a-fA-F]{1,4}"; nocase; fast_pattern:only; content:"decode"; nocase; pcre:"/^\s*?\(\s*?key\s*?,\s*?js\s*?/Rsi"; content:"decode"; nocase; pcre:"/^\s*?\(\s*?[^,\s]*?\s*?,\s*?[\x22\x27][a-f0-9]{100}/Rsi"; classtype:trojan-activity; sid:2018179; rev:4; metadata:created_at 2014_02_25, updated_at 2014_02_25;)

Added 2017-08-07 21:12:14 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Obfuscation Technique Used in CVE-2014-0322 Attacks"; flow:established,from_server; file_data; content:"|2f|%u([0-9a-fA-F]{1,4}"; nocase; fast_pattern:only; content:"decode"; nocase; pcre:"/^\s*?\(\s*?key\s*?,\s*?js\s*?/Rsi"; content:"decode"; nocase; pcre:"/^\s*?\(\s*?[^,\s]*?\s*?,\s*?[\x22\x27][a-f0-9]{100}/Rsi"; classtype:trojan-activity; sid:2018179; rev:3;)

Added 2014-02-25 19:42:02 UTC


Topic revision: r1 - 2020-11-23 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats