alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Generic - PDF with NEW PDF EXPLOIT"; flow:established,to_client; file_data; content:"%PDF"; depth:4; fast_pattern; content:"NEW PDF EXPLOIT"; classtype:trojan-activity; sid:2014966; rev:3; metadata:created_at 2012_06_26, updated_at 2012_06_26;)

Added 2017-08-07 21:08:26 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Generic - PDF with NEW PDF EXPLOIT"; flow:established,to_client; file_data; content:"%PDF"; within:4; fast_pattern; content:"NEW PDF EXPLOIT"; classtype:trojan-activity; sid:2014966; rev:2;)

Added 2012-06-26 21:37:34 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats