alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile Obfuscation Attempt"; flow:established,to_client; content:"PDF-"; depth:300; content:"unescape|28|"; nocase; distance:0; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,doc.emergingthreats.net/2010881; classtype:bad-unknown; sid:2010881; rev:5;)

Added 2011-10-12 19:30:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile Obfuscation Attempt"; flow:established,to_client; content:"PDF-"; depth:300; content:"unescape|28|"; nocase; distance:0; classtype:bad-unknown; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,doc.emergingthreats.net/2010881; sid:2010881; rev:5;)

Added 2011-04-12 14:06:59 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile Obfuscation Attempt"; flow:established,to_client; content:"PDF-"; nocase; depth:300; content:"unescape|28|"; nocase; distance:0; classtype:bad-unknown; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,doc.emergingthreats.net/2010881; sid:2010881; rev:4;)

Added 2011-02-04 17:30:33 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile Obfuscation Attempt"; flow:established,to_client; content:"PDF-"; nocase; depth:300; content:"unescape|28|"; nocase; distance:0; classtype:bad-unknown; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,doc.emergingthreats.net/2010881; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Adobe; sid:2010881; rev:5;)

Added 2010-09-14 11:33:54 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile Obfuscation Attempt"; flow:established,to_client; content:"PDF-"; nocase; depth:300; content:"unescape|28|"; nocase; distance:0; classtype:bad-unknown; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,doc.emergingthreats.net/2010881; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Adobe; sid:2010881; rev:5;)

Added 2010-09-14 11:33:54 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY .pdf File Download With Unescape Method Defined - Possible Hostile Obfuscation Attempt"; flow:established,to_client; content:"PDF-"; nocase; depth:300; content:"unescape|28|"; nocase; distance:0; classtype:misc-activity; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,doc.emergingthreats.net/2010881; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_PDF; sid:2010881; rev:3;)

Added 2010-07-26 11:52:24 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY .pdf File Download With Unescape Method Defined - Possible Hostile Obfuscation Attempt"; flow:established,to_client; content:"PDF-"; nocase; depth:300; content:"unescape|28|"; nocase; distance:0; classtype:misc-activity; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,doc.emergingthreats.net/2010881; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_PDF; sid:2010881; rev:3;)

Added 2010-07-26 11:52:24 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY .pdf File Download With Unescape Method Defined - Possibly Hostile"; flow:established,to_client; content:"PDF-"; nocase; depth:300; content:"unescape"; nocase; distance:0; classtype:misc-activity; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,doc.emergingthreats.net/2010881; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_PDF; sid:2010881; rev:2;)

Added 2010-03-08 13:53:45 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats