alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015 as observed in PawnStorm?"; flow:established,from_server; file_data; content:"javax.naming.InitialContext"; fast_pattern; content:"progress-class"; nocase; pcre:"/^\s*?=\s*?[\x22\x27]javax.naming.InitialContext/Rsi"; content:""; nocase; distance:0; metadata: former_category CURRENT_EVENTS; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/; classtype:trojan-activity; sid:2021985; rev:4; metadata:created_at 2015_10_21, updated_at 2019_10_07;)

Added 2019-10-08 19:34:33 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015 as observed in PawnStorm?"; flow:established,from_server; file_data; content:"javax.naming.InitialContext"; fast_pattern:only; content:"progress-class"; nocase; pcre:"/^\s*?=\s*?[\x22\x27]javax.naming.InitialContext/Rsi"; content:""; nocase; distance:0; metadata: former_category CURRENT_EVENTS; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/; classtype:trojan-activity; sid:2021985; rev:3; metadata:created_at 2015_10_21, updated_at 2015_10_21;)

Added 2019-09-26 19:58:04 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015 as observed in PawnStorm?"; flow:established,from_server; file_data; content:"javax.naming.InitialContext"; fast_pattern:only; content:"progress-class"; nocase; pcre:"/^\s*?=\s*?[\x22\x27]javax.naming.InitialContext/Rsi"; content:""; nocase; distance:0; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/; classtype:trojan-activity; sid:2021985; rev:3; metadata:created_at 2015_10_21, updated_at 2015_10_21;)

Added 2018-09-13 19:51:51 UTC


Added 2018-09-13 18:00:28 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015 as observed in PawnStorm?"; flow:established,from_server; file_data; content:"javax.naming.InitialContext"; fast_pattern:only; content:"progress-class"; nocase; pcre:"/^\s*?=\s*?[\x22\x27]javax.naming.InitialContext/Rsi"; content:""; nocase; distance:0; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/; classtype:trojan-activity; sid:2021985; rev:3; metadata:created_at 2015_10_21, updated_at 2015_10_21;)

Added 2017-08-07 21:16:46 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015 as observed in PawnStorm?"; flow:established,from_server; file_data; content:"javax.naming.InitialContext"; fast_pattern:only; content:"progress-class"; nocase; pcre:"/^\s*?=\s*?[\x22\x27]javax.naming.InitialContext/Rsi"; content:""; nocase; distance:0; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/; classtype:trojan-activity; sid:2021985; rev:3;)

Added 2015-10-21 00:21:47 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats