#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015"; flow:established,from_server; content:"Content-Disposition|3a 20|inline|3b|"; http_header; content:".pdf"; http_header; fast_pattern:only; pcre:"/Content-Disposition\x3a\x20[^\r\n]+filename=[a-z]{7,8}\d{2,3}\.pdf\r\n/Hm"; file_data; content:"PDF-"; within:500; classtype:trojan-activity; sid:2020984; rev:3; metadata:created_at 2015_04_23, former_category CURRENT_EVENTS, updated_at 2017_04_04;)

Added 2022-05-19 19:06:34 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015"; flow:established,from_server; content:"Content-Disposition|3a 20|inline|3b|"; http_header; content:".pdf"; http_header; fast_pattern:only; pcre:"/Content-Disposition\x3a\x20[^\r\n]+filename=[a-z]{7,8}\d{2,3}\.pdf\r\n/Hm"; file_data; content:"PDF-"; within:500; classtype:trojan-activity; sid:2020984; rev:2; metadata:created_at 2015_04_23, former_category CURRENT_EVENTS, updated_at 2017_04_04;)

Added 2020-08-05 19:11:10 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015"; flow:established,from_server; content:"Content-Disposition|3a 20|inline|3b|"; http_header; content:".pdf"; http_header; fast_pattern:only; pcre:"/Content-Disposition\x3a\x20[^\r\n]+filename=[a-z]{7,8}\d{2,3}\.pdf\r\n/Hm"; file_data; content:"PDF-"; within:500; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2020984; rev:2; metadata:created_at 2015_04_23, updated_at 2017_04_04;)

Added 2018-09-13 19:51:05 UTC


Added 2018-09-13 18:00:00 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015"; flow:established,from_server; content:"Content-Disposition|3a 20|inline|3b|"; http_header; content:".pdf"; http_header; fast_pattern:only; pcre:"/Content-Disposition\x3a\x20[^\r\n]+filename=[a-z]{7,8}\d{2,3}\.pdf\r\n/Hm"; file_data; content:"PDF-"; within:500; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2020984; rev:2; metadata:created_at 2015_04_23, updated_at 2017_04_04;)

Added 2017-08-07 21:15:36 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015"; flow:established,from_server; content:"Content-Disposition|3a 20|inline|3b|"; http_header; content:".pdf"; http_header; fast_pattern:only; pcre:"/Content-Disposition\x3a\x20[^\r\n]+filename=[a-z]{7,8}\d{2,3}\.pdf\r\n/Hm"; file_data; content:"PDF-"; within:500; classtype:trojan-activity; sid:2020984; rev:2;)

Added 2017-05-05 16:58:54 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015"; flow:established,from_server; content:"Content-Disposition|3a 20|inline|3b|"; http_header; content:".pdf"; http_header; fast_pattern:only; pcre:"/Content-Disposition\x3a\x20[^\r\n]+filename=[a-z]{7,8}\d{2,3}\.pdf\r\n/Hm"; file_data; content:"PDF-"; within:500; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2020984; rev:2;)

Added 2017-05-03 17:35:22 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015"; flow:established,from_server; content:"Content-Disposition|3a 20|inline|3b|"; http_header; content:".pdf"; http_header; fast_pattern:only; pcre:"/Content-Disposition\x3a\x20[^\r\n]+filename=[a-z]{7,8}\d{2,3}\.pdf\r\n/Hm"; file_data; content:"PDF-"; within:500; classtype:trojan-activity; sid:2020984; rev:2;)

Added 2017-04-04 18:14:33 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015"; flow:established,from_server; content:"Content-Disposition|3a 20|inline|3b|"; http_header; content:".pdf"; http_header; fast_pattern:only; pcre:"/Content-Disposition\x3a\x20[^\r\n]+filename=[a-z]{7,8}\d{2,3}\.pdf\r\n/Hm"; file_data; content:"PDF-"; within:500; classtype:trojan-activity; sid:2020984; rev:2;)

Added 2015-04-23 18:23:24 UTC


Topic revision: r1 - 2022-05-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats