alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK IE Exploit Apr 23 2015"; flow:established,from_server; file_data; content:"some"; fast_pattern; content:"<style>"; content:"|5c 3a|*{display|3a|inline-block|3b|behavior|3a|url(#default#VML)|3b|}</style>"; distance:3; within:65; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2020980; rev:4; metadata:created_at 2015_04_23, updated_at 2019_10_07;) <p /> </h2> <p /> Added 2019-10-08 19:34:25 UTC <p /> <p /> <form method="post" action="https://doc.emergingthreats.net/bin/save/Main/2020980" enctype="multipart/form-data" id="threadmode0" name="threadmode0"><input type="hidden" name="crypttoken" value="93b9b4083066f05e187ce52c056fe77c" /><div class="commentPlugin commentPluginPromptBox" style="margin: 5px 0;"> <div><textarea rows="5" cols="80" name="comment" class="twikiTextarea" wrap="soft" style="width: 100%" onfocus="if(this.value=='Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.')this.value=''" onblur="if(this.value=='')this.value='Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.'">Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.</textarea></div><div style="padding: 5px 0 0 0;"><input type="submit" value="Add to Documentation" class="twikiButton" /></div> </div><!--/commentPlugin--> <input type="hidden" name="comment_action" value="save" /> <input type="hidden" name="comment_type" value="threadmode" /> <input type="hidden" name="comment_index" value="0" /></form> <p /> <hr> <p /> <p /> <p /> <h2> <p /> <p /> alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK IE Exploit Apr 23 2015"; flow:established,from_server; file_data; content:"<title>some"; fast_pattern:only; content:"<style>"; content:"|5c 3a|*{display|3a|inline-block|3b|behavior|3a|url(#default#VML)|3b|}</style>"; distance:3; within:65; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2020980; rev:3; metadata:created_at 2015_04_23, updated_at 2015_04_23;) <p /> </h2> <p /> Added 2019-09-26 19:57:59 UTC <p /> <p /> <p /> <hr> <p /> <p /> <p /> <h2> <p /> <p /> alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK IE Exploit Apr 23 2015"; flow:established,from_server; file_data; content:"<title>some"; fast_pattern:only; content:"<style>"; content:"|5c 3a|*{display|3a|inline-block|3b|behavior|3a|url(#default#VML)|3b|}</style>"; distance:3; within:65; classtype:trojan-activity; sid:2020980; rev:3; metadata:created_at 2015_04_23, updated_at 2015_04_23;) <p /> </h2> <p /> Added 2018-09-13 19:51:05 UTC <p /> <p /> <p /> <hr> <p /> <p /> <p /> <h2> <p /> <p /> <p /> </h2> <p /> Added 2018-09-13 17:59:59 UTC <p /> <p /> <p /> <hr> <p /> <p /> <p /> <h2> <p /> <p /> alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK IE Exploit Apr 23 2015"; flow:established,from_server; file_data; content:"<title>some"; fast_pattern:only; content:"<style>"; content:"|5c 3a|*{display|3a|inline-block|3b|behavior|3a|url(#default#VML)|3b|}</style>"; distance:3; within:65; classtype:trojan-activity; sid:2020980; rev:3; metadata:created_at 2015_04_23, updated_at 2015_04_23;) <p /> </h2> <p /> Added 2017-08-07 21:15:35 UTC <p /> <p /> <p /> <hr> <p /> <p /> <p /> <h2> <p /> <p /> alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK IE Exploit Apr 23 2015"; flow:established,from_server; file_data; content:"<title>some"; fast_pattern:only; content:"<style>"; content:"|5c 3a|*{display|3a|inline-block|3b|behavior|3a|url(#default#VML)|3b|}</style>"; distance:3; within:65; classtype:trojan-activity; sid:2020980; rev:3;) <p /> </h2> <p /> Added 2015-05-03 20:41:14 UTC <p /> <p /> <p /> <hr> <p /> <p /> <p /> <h2> <p /> <p /> alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK IE Exploit Apr 23 2015"; flow:established,from_server; file_data; content:"<title>some "; fast_pattern:only; content:""; distance:3; within:65; classtype:trojan-activity; sid:2020980; rev:2;)

Added 2015-04-23 18:23:23 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats