#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED NeoSploit? Exploit Kit Java exploit drive-by host likely infected (nte)"; flow:established,to_server; uricontent:"/nte/"; nocase; content:"|0d 0a|accept-encoding|3a| pack200-gzip,gzip|0d 0a|"; nocase; content:"|0d 0a|content-type|3a| application/x-java-archive|0d 0a|"; nocase; content:!"|0d 0a|Referer|3a| "; nocase; content:"|0d 0a|User-Agent|3a| Mozilla"; nocase; content:" Java/"; nocase; within:50; reference:url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0; reference:url,doc.emergingthreats.net/2010871; classtype:trojan-activity; sid:2010871; rev:6; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:04:01 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED NeoSploit? Exploit Kit Java exploit drive-by host likely infected (nte)"; flow:established,to_server; content:"/nte/"; nocase; http_uri; content:"accept-encoding|3a| pack200-gzip,gzip|0d 0a|"; nocase; http_header; content:"content-type|3a| application/x-java-archive|0d 0a|"; nocase; http_header; content:!"Referer|3a| "; nocase; content:"User-Agent|3a| Mozilla"; nocase; http_header; content:" Java/"; nocase; reference:url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0; reference:url,doc.emergingthreats.net/2010871; classtype:trojan-activity; sid:2010871; rev:6;)

Added 2011-10-12 19:30:47 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED NeoSploit? Exploit Kit Java exploit drive-by host likely infected (nte)"; flow:established,to_server; content:"/nte/"; nocase; http_uri; content:"accept-encoding|3a| pack200-gzip,gzip|0d 0a|"; nocase; http_header; content:"content-type|3a| application/x-java-archive|0d 0a|"; nocase; http_header; content:!"Referer|3a| "; nocase; content:"User-Agent|3a| Mozilla"; nocase; http_header; content:" Java/"; nocase; classtype:trojan-activity; reference:url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0; reference:url,doc.emergingthreats.net/2010871; sid:2010871; rev:6;)

Added 2011-09-14 22:43:56 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED NeoSploit? Exploit Kit Java exploit drive-by host likely infected (nte)"; flow:established,to_server; content:"/nte/"; nocase; http_uri; content:"accept-encoding|3a| pack200-gzip,gzip|0d 0a|"; nocase; http_header; content:"content-type|3a| application/x-java-archive|0d 0a|"; nocase; http_header; content:!"Referer|3a| "; nocase; content:"User-Agent|3a| Mozilla"; nocase; http_header; content:" Java/"; nocase; classtype:trojan-activity; reference:url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0; reference:url,doc.emergingthreats.net/2010871; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Neosploit; sid:2010871; rev:6;)

Added 2011-02-04 17:30:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS NeoSploit? Exploit Kit Java exploit drive-by host likely infected (nte)"; flow:established,to_server; uricontent:"/nte/"; nocase; content:"|0d 0a|accept-encoding\: pack200-gzip,gzip|0d 0a|"; nocase; content:"|0d 0a|content-type\: application/x-java-archive|0d 0a|"; nocase; content:!"|0d 0a|Referer\: "; nocase; content:"|0d 0a|User-Agent\: Mozilla"; nocase; content:" Java/"; nocase; within:50; classtype:trojan-activity; reference:url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0; reference:url,doc.emergingthreats.net/2010871; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Neosploit; sid:2010871; rev:4;)

Added 2010-03-04 14:00:50 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS NeoSploit? Exploit Kit Java exploit drive-by host likely infected (nte)"; flow:established,to_server; uricontent:"/nte/"; nocase; content:"|0d 0a|accept-encoding\: pack200-gzip,gzip|0d 0a|"; nocase; content:"|0d 0a|content-type\: application/x-java-archive|0d 0a|"; nocase; content:!"|0d 0a|Referer\: "; nocase; content:"|0d 0a|User-Agent\: Mozilla"; nocase; content:" Java/"; nocase; within:50; classtype:trojan-activity; reference:url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0; reference:url,doc.emergingthreats.net/2010871; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Neosploit; sid:2010871; rev:4;)

Added 2010-03-04 13:59:09 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats