# ET sid 2019324, rev 2: alerts when an HTTP response body carries a data: URI
# whose base64 payload starts like a ZIP archive.
#   flow:established,to_client + file_data -> inspects the response body delivered to the client.
#   content:"data|3a|"; nocase             -> "data:" in any letter case (|3a| is ':').
#   content:"base64,UEsDB"; within:40      -> case-sensitive; the whole 12-byte pattern must fall inside
#                                             the 40 bytes after "data:", so the media type and
#                                             parameters in between can be at most 28 bytes.
#                                             "UEsDB" is how base64 renders a leading PK\x03\x04 ZIP header.
#   fast_pattern                           -> the second content is the prefilter pattern.
#   flowbits:set,et.exploitkitlanding      -> marks the flow; the rules that test this bit are not on this page.
# This listing adds metadata former_category EXPLOIT_KIT; sid and rev match the older listings on this page,
# so compare rule text, not just sid:rev, when checking which copy is deployed.
# NOTE(review): base64 ZIP content in data: URIs also appears in benign pages (client-side generated downloads,
# ZIP-based document formats); triage with the surrounding HTTP context. The rule sees cleartext HTTP only.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS suspicious embedded zip file in web page"; flow:established,to_client; file_data; content:"data|3a|"; nocase; content:"base64,UEsDB"; within:40; fast_pattern; flowbits:set,et.exploitkitlanding; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2019324; rev:2; metadata:created_at 2014_09_30, updated_at 2014_09_30;)

Added 2019-10-09 19:08:53 UTC


# ET sid 2019324, rev 2 (listing with created_at/updated_at metadata, no former_category).
# Detection logic: in an established server-to-client HTTP flow, look in the response body (file_data)
# for "data:" (case-insensitive) followed within 40 bytes by the case-sensitive string "base64,UEsDB".
# "UEsDB" is the base64 form of a leading PK\x03\x04 ZIP local-file header, i.e. a ZIP embedded inline in the page.
# On match the rule alerts (classtype trojan-activity) and sets flowbit et.exploitkitlanding on the flow.
# NOTE(review): the 40-byte window is measured from the end of "data:" and must contain the full second
# pattern; unusually long media-type strings fall outside it. Presumably other ET rules consume the
# flowbit - confirm against the deployed ruleset before relying on it for correlation.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS suspicious embedded zip file in web page"; flow:established,to_client; file_data; content:"data|3a|"; nocase; content:"base64,UEsDB"; within:40; fast_pattern; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2019324; rev:2; metadata:created_at 2014_09_30, updated_at 2014_09_30;)

Added 2018-09-13 19:49:26 UTC


Added 2018-09-13 17:59:05 UTC


# ET sid 2019324, rev 2 (listing with created_at/updated_at metadata only).
# Fires on HTTP responses to $HOME_NET clients whose body contains a data: URI with a base64 payload
# beginning "UEsDB" (base64 of the ZIP magic PK\x03\x04):
#   - "data|3a|" is matched with nocase; "base64,UEsDB" is matched exactly as written,
#     since base64 text is case-significant.
#   - within:40 ties the second match to the first; fast_pattern selects it for prefiltering.
#   - flowbits:set,et.exploitkitlanding records the hit on the flow in addition to raising the alert.
# NOTE(review): msg says "suspicious", not confirmed malicious - an inline ZIP alone is weak evidence,
# so pair alerts with what the client fetched next on the same flow or host.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS suspicious embedded zip file in web page"; flow:established,to_client; file_data; content:"data|3a|"; nocase; content:"base64,UEsDB"; within:40; fast_pattern; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2019324; rev:2; metadata:created_at 2014_09_30, updated_at 2014_09_30;)

Added 2017-08-07 21:13:33 UTC


# ET sid 2019324, rev 2 (listing without any metadata keyword).
# Matches a ZIP archive embedded as a base64 data: URI in an HTTP response body:
#   file_data restricts both content matches to the response body of the to_client side;
#   "data|3a|" (nocase) anchors the URI scheme, and "base64,UEsDB" must follow within 40 bytes of it.
#   "UEsDB" corresponds to the ZIP local-file header magic PK\x03\x04 after base64 encoding.
# Besides alerting, the rule sets flowbit et.exploitkitlanding; nothing on this page shows which rules read it.
# NOTE(review): detection options are identical to the listings that carry metadata and the rev is the same,
# so the sid:rev pair alone does not tell the listings apart.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS suspicious embedded zip file in web page"; flow:established,to_client; file_data; content:"data|3a|"; nocase; content:"base64,UEsDB"; within:40; fast_pattern; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2019324; rev:2;)

Added 2014-09-30 17:15:38 UTC

