# sid:2015888 rev:8 - outbound HTTP request from a Java client whose URI has the shape
# of a Magnitude EK payload path: 32 lowercase hex characters, optionally interleaved
# with "/" or "_", followed by "/" and one or more digits.
# - "alert http" with port "any" relies on app-layer protocol detection instead of the
#   $HTTP_PORTS restriction used by the earlier revisions listed on this page.
# - content:"Java/1." is pinned to the User-Agent buffer (http_user_agent); rev 5 and
#   rev 6 matched it anywhere in the request headers (http_header).
# - urilen:>32 is only a cheap pre-filter: the shortest URI the pcre accepts is 35 bytes.
# - The pcre has no /i flag, so uppercase hex digits do not match (rev 2 and rev 3 used /Ui).
# - The optional separator classes before and after each hex digit overlap, which makes
#   the pcre comparatively costly on long non-matching URIs.
# - flowbits:set is used without noalert: the rule alerts and also marks the flow with
#   et.exploitkitlanding (rules that consume this flowbit are not shown on this page).
# - Only the request is inspected; the alert alone does not show that a payload was
#   delivered or executed.
# NOTE(review): metadata updated_at (2012_11_15) equals created_at although this is
# rev 8 and the page lists it as added 2017-08-07 - do not rely on the metadata date
# to judge how recently the rule was changed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit Kit 32 byte hex with trailing digit java payload request"; flow:established,to_server; urilen:>32; content:"Java/1."; http_user_agent; pcre:"/^\/(?:[\/_]*?[a-f0-9][\/_]*?){32}\/\d+?$/U"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2015888; rev:8; metadata:created_at 2012_11_15, updated_at 2012_11_15;)

Added 2017-08-07 21:09:31 UTC


# sid:2015888 rev:6 - same match logic as rev 5 on this page; only the msg text changed,
# so that it describes what the pcre matches (32 hex characters plus trailing digits).
# - Protocol is tcp restricted to $HTTP_PORTS, so HTTP on a port outside that variable
#   is not inspected by this revision.
# - content:"Java/1." uses http_header, i.e. it can match in any request header, not
#   only in User-Agent.
# - The pcre runs against the normalized URI (/U) and is case-sensitive: hex digits
#   must be lowercase.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit Kit 32 byte hex with trailing digit java payload request"; flow:established,to_server; urilen:>32; content:"Java/1."; http_header; pcre:"/^\/(?:[\/_]*?[a-f0-9][\/_]*?){32}\/\d+?$/U"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2015888; rev:6;)

Added 2013-12-05 22:44:02 UTC


# sid:2015888 rev:5 - loosens rev 3: urilen:35 becomes urilen:>32, and the pcre now
# allows "/" or "_" between the 32 hex digits and more than one trailing digit.
# - The msg still says "32-32 byte hex", which no longer describes the pcre; rev 6 on
#   this page corrects the wording without touching the match logic.
# - The /i flag used in rev 3 is gone, so hex digits must be lowercase.
# - fast_pattern:only was dropped and the content changed from " Java/1" to "Java/1.".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit Kit 32-32 byte hex java payload request"; flow:established,to_server; urilen:>32; content:"Java/1."; http_header; pcre:"/^\/(?:[\/_]*?[a-f0-9][\/_]*?){32}\/\d+?$/U"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2015888; rev:5;)

Added 2013-11-21 20:25:23 UTC


# sid:2015888 rev:3 - identical to rev 2 except for the msg, which renames the kit from
# "Popads/Unknown" to "Magnitude EK (formerly Popads)".
# - urilen:35 corresponds to "/" + 32 hex digits + "/" + one digit; the anchored pcre
#   enforces exactly that shape on the normalized URI, case-insensitively (/Ui).
# - content:" Java/1" (with a leading space) is matched in the request headers and,
#   because of fast_pattern:only, serves as the pre-filter pattern for the rule.
# - The rule both alerts and sets the flowbit et.exploitkitlanding (no noalert).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit Kit 32-32 byte hex java payload request"; flow:established,to_server; urilen:35; pcre:"/^\/[a-f0-9]{32}\/[0-9]$/Ui"; content:" Java/1"; http_header; fast_pattern:only; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2015888; rev:3;)

Added 2013-09-18 19:11:34 UTC


# sid:2015888 rev:2 - generalizes rev 1 on this page:
# - the fixed "/0" URI suffix (content + offset/depth) is replaced by any single digit;
# - the pcre is anchored at both ends and made case-insensitive (/Ui);
# - the flowbits:isset,ET.http.javaclient.vulnerable precondition is removed, so this
#   revision no longer depends on another rule having set that flowbit on the flow.
# urilen:35 still pins the URI to "/" + 32 hex digits + "/" + one digit.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Popads/Unknown Java Exploit Kit 32-32 byte hex java payload request"; flow:established,to_server; urilen:35; pcre:"/^\/[a-f0-9]{32}\/[0-9]$/Ui"; content:" Java/1"; http_header; fast_pattern:only; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2015888; rev:2;)

Added 2013-04-28 22:43:31 UTC


# sid:2015888 rev:1 - original signature.
# - Alerts only when the flowbit ET.http.javaclient.vulnerable is already set on the
#   flow (presumably by a separate Java-version rule not shown on this page - confirm);
#   if that rule is disabled or missing, this revision cannot fire.
# - content:"/0" in http_uri at offset 33, depth 2, together with urilen:35, pins the
#   URI to "/" + 32 characters + "/0".
# - The pcre is unanchored and case-sensitive; urilen:35 is what bounds the total length.
# - content:" Java/1" (leading space) in the headers is the fast_pattern:only pre-filter.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Popads/Unknown Java Exploit Kit 32-32 byte hex java payload request"; flow:established,to_server; content:"/0"; http_uri; offset:33; depth:2; urilen:35; pcre:"/\/[a-f0-9]{32}\/0/U"; flowbits:isset,ET.http.javaclient.vulnerable; content:" Java/1"; http_header; fast_pattern:only; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2015888; rev:1;)

Added 2012-11-15 19:06:24 UTC

