#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED BlackHole EK Landing Nov 17 2015"; flow:from_server,established; file_data; content:"|2e 73 74 79 6c 65 2e 6c 65 66 74 3d 3d 3d 22 22 29 7b 67 67 3d 22 67 65 74 41 22 3b 7d 71 71 3d 22 71 22 3b 67 67 2b 3d 22 74 74 72 69 22 3b 66 75 6e 63 74 69 6f 6e 20 63 78 7a 28 29|"; fast_pattern:17,20; classtype:trojan-activity; sid:2022113; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2015_11_17, deployment Perimeter, former_category CURRENT_EVENTS, malware_family Blackhole, signature_severity Critical, tag Blackhole, tag Exploit_Kit, updated_at 2018_01_25;)

Added 2022-05-19 19:06:40 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED BlackHole EK Landing Nov 17 2015"; flow:from_server,established; file_data; content:"|2e 73 74 79 6c 65 2e 6c 65 66 74 3d 3d 3d 22 22 29 7b 67 67 3d 22 67 65 74 41 22 3b 7d 71 71 3d 22 71 22 3b 67 67 2b 3d 22 74 74 72 69 22 3b 66 75 6e 63 74 69 6f 6e 20 63 78 7a 28 29|"; fast_pattern:17,20; classtype:trojan-activity; sid:2022113; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2015_11_17, deployment Perimeter, former_category CURRENT_EVENTS, malware_family Blackhole, signature_severity Critical, tag Blackhole, tag Exploit_Kit, updated_at 2018_01_25;)

Added 2020-08-05 19:11:51 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED BlackHole EK Landing Nov 17 2015"; flow:from_server,established; file_data; content:"|2e 73 74 79 6c 65 2e 6c 65 66 74 3d 3d 3d 22 22 29 7b 67 67 3d 22 67 65 74 41 22 3b 7d 71 71 3d 22 71 22 3b 67 67 2b 3d 22 74 74 72 69 22 3b 66 75 6e 63 74 69 6f 6e 20 63 78 7a 28 29|"; fast_pattern:17,20; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2022113; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Blackhole, tag Exploit_Kit, signature_severity Critical, created_at 2015_11_17, malware_family Blackhole, updated_at 2018_01_25;)

Added 2018-01-25 16:54:47 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS BlackHole EK Landing Nov 17 2015"; flow:from_server,established; file_data; content:"|2e 73 74 79 6c 65 2e 6c 65 66 74 3d 3d 3d 22 22 29 7b 67 67 3d 22 67 65 74 41 22 3b 7d 71 71 3d 22 71 22 3b 67 67 2b 3d 22 74 74 72 69 22 3b 66 75 6e 63 74 69 6f 6e 20 63 78 7a 28 29|"; fast_pattern:17,20; classtype:trojan-activity; sid:2022113; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Blackhole, tag Exploit_Kit, signature_severity Critical, created_at 2015_11_17, malware_family Blackhole, updated_at 2016_07_01;)

Added 2017-08-07 21:16:56 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS BlackHole EK Landing Nov 17 2015"; flow:from_server,established; file_data; content:"|2e 73 74 79 6c 65 2e 6c 65 66 74 3d 3d 3d 22 22 29 7b 67 67 3d 22 67 65 74 41 22 3b 7d 71 71 3d 22 71 22 3b 67 67 2b 3d 22 74 74 72 69 22 3b 66 75 6e 63 74 69 6f 6e 20 63 78 7a 28 29|"; fast_pattern:17,20; classtype:trojan-activity; sid:2022113; rev:2;)

Added 2015-11-17 17:26:02 UTC


Topic revision: r1 - 2022-05-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats