#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED 0day JRE 17 exploit Class 1"; flow:established,to_client; content:"|0d 0a 0d 0a|PK"; content:"|2f|Gondvv.class"; distance:0; reference:url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html; classtype:trojan-activity; sid:2015655; rev:5; metadata:created_at 2012_08_28, updated_at 2012_08_28;)

Added 2017-08-07 21:09:16 UTC


##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED 0day JRE 17 exploit Class 1"; flow:established,to_client; file_data; content:"PK"; within:2; content:"|2f|Gondvv.class"; distance:0; reference:url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html; classtype:trojan-activity; sid:2015655; rev:3;)

Added 2012-12-07 19:21:01 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats