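# sid 2017433 rev 4: Sakura exploit-kit landing page, server -> client HTTP body.
# This revision is listed commented out, so it is not loaded unless the leading
# '#' on the rule line is removed. It uses plain `fast_pattern` where the rev 3
# entries on this page use `fast_pattern:only`.
# Logic: the body (file_data) must reference "/deployJava.js", must NOT contain a
# literal "<applet", and right after " RegExp?" (pcre flag R = relative) must open
# a call whose quoted argument <m> later appears interleaved between the letters of
# "<applet". <m> is mandatory between the second "p" and "l", optional elsewhere.
# The named groups <q> (quote char) and <m> (filler string) are restored here; the
# listing had dropped the names, leaving "(?P[" which is not valid PCRE while the
# (?P=q)/(?P=m) backreferences still pointed at them.
# NOTE(review): the "?" after RegExp may be a wiki rendering artifact rather than
# part of the content match; confirm against the distributed ruleset.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sakura EK Landing Sep 06 2013"; flow:established,from_server; file_data; content:"/deployJava.js"; fast_pattern; nocase; content:!"<applet"; nocase; content:" RegExp?"; pcre:"/^[\r\n\s]*?\([\r\n\s]*?(?P<q>[\x22\x27])(?P<m>((?!(?P=q)).)+)(?P=q).+?<(?P=m)?a(?P=m)?p(?P=m)?p(?P=m)l(?P=m)?e(?P=m)?t/Rsi"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017433; rev:4; metadata:created_at 2013_09_06, updated_at 2019_10_07;)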

Added 2020-02-26 20:42:08 UTC


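# sid 2017433 rev 3 (metadata updated_at 2019_10_07): Sakura exploit-kit landing.
# Inspects HTTP response bodies sent to $HOME_NET. "/deployJava.js" is the
# fast-pattern anchor; the negated "<applet" content means pages with a plain
# applet tag do not match. Only an "<applet" spelled with the quoted filler
# string <m> spliced between its letters satisfies the pcre.
# On match the rule alerts and sets flowbit et.exploitkitlanding (no noalert).
# pcre group names <q>/<m> restored: the listing had lost them, which left the
# expression unparsable and the (?P=q)/(?P=m) backreferences dangling.
# NOTE(review): trailing "?" in " RegExp?" looks like possible wiki markup residue;
# verify against the published rule before deploying.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sakura EK Landing Sep 06 2013"; flow:established,from_server; file_data; content:"/deployJava.js"; fast_pattern:only; nocase; content:!"<applet"; nocase; content:" RegExp?"; pcre:"/^[\r\n\s]*?\([\r\n\s]*?(?P<q>[\x22\x27])(?P<m>((?!(?P=q)).)+)(?P=q).+?<(?P=m)?a(?P=m)?p(?P=m)?p(?P=m)l(?P=m)?e(?P=m)?t/Rsi"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017433; rev:3; metadata:created_at 2013_09_06, updated_at 2019_10_07;)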

Added 2019-10-07 19:58:37 UTC


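# sid 2017433 rev 3 (metadata updated_at 2013_09_06). The rule text is the same as
# the entry listed under the 2017-08-07 timestamp on this page.
# Matches a server response body that references "/deployJava.js", has no literal
# "<applet", and after " RegExp?" carries a quoted string <m> that is later found
# interleaved inside "<applet" (pcre flags: R relative, s dotall, i caseless).
# Sets flowbit et.exploitkitlanding in addition to alerting.
# pcre named groups <q> and <m> restored; the listing showed "(?P[" / "(?P(" with
# the names stripped, which is not a valid expression.
# NOTE(review): confirm whether the "?" after RegExp belongs to the content match.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sakura EK Landing Sep 06 2013"; flow:established,from_server; file_data; content:"/deployJava.js"; fast_pattern:only; nocase; content:!"<applet"; nocase; content:" RegExp?"; pcre:"/^[\r\n\s]*?\([\r\n\s]*?(?P<q>[\x22\x27])(?P<m>((?!(?P=q)).)+)(?P=q).+?<(?P=m)?a(?P=m)?p(?P=m)?p(?P=m)l(?P=m)?e(?P=m)?t/Rsi"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017433; rev:3; metadata:created_at 2013_09_06, updated_at 2013_09_06;)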

Added 2018-09-13 19:47:40 UTC


Added 2018-09-13 17:58:01 UTC


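# sid 2017433 rev 3, first listing that uses the `http` protocol keyword with
# `any` source port and carries created_at/updated_at metadata.
# Detection: HTTP response body with "/deployJava.js" and no literal "<applet",
# where a quoted filler <m> captured after " RegExp?" reappears between the
# letters of an "<applet" tag (mandatory between "p" and "l").
# Alerts and sets flowbit et.exploitkitlanding.
# The <q>/<m> group names in the pcre are restored from the (?P=q)/(?P=m)
# backreferences; the listing had lost them.
# NOTE(review): the "?" following RegExp may not be part of the original content
# string; check the distributed rule.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sakura EK Landing Sep 06 2013"; flow:established,from_server; file_data; content:"/deployJava.js"; fast_pattern:only; nocase; content:!"<applet"; nocase; content:" RegExp?"; pcre:"/^[\r\n\s]*?\([\r\n\s]*?(?P<q>[\x22\x27])(?P<m>((?!(?P=q)).)+)(?P=q).+?<(?P=m)?a(?P=m)?p(?P=m)?p(?P=m)l(?P=m)?e(?P=m)?t/Rsi"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017433; rev:3; metadata:created_at 2013_09_06, updated_at 2013_09_06;)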

Added 2017-08-07 21:11:20 UTC


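# sid 2017433 rev 2: written as `alert tcp` with $HTTP_PORTS as the source port,
# so only responses from servers on ports in $HTTP_PORTS are in scope; landing
# pages served from other ports are not covered by this revision.
# It has no metadata field. The match logic is the same as in the later listings:
# "/deployJava.js" present, literal "<applet" absent, and after " RegExp?" a quoted
# filler <m> that is then found spliced into "<applet".
# Sets flowbit et.exploitkitlanding and alerts.
# pcre named groups <q> and <m> restored; with the names missing, as listed, the
# expression does not parse.
# NOTE(review): verify the "?" after RegExp against the published rule text.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sakura EK Landing Sep 06 2013"; flow:established,from_server; file_data; content:"/deployJava.js"; fast_pattern:only; nocase; content:!"<applet"; nocase; content:" RegExp?"; pcre:"/^[\r\n\s]*?\([\r\n\s]*?(?P<q>[\x22\x27])(?P<m>((?!(?P=q)).)+)(?P=q).+?<(?P=m)?a(?P=m)?p(?P=m)?p(?P=m)l(?P=m)?e(?P=m)?t/Rsi"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017433; rev:2;)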

Added 2013-09-06 18:22:17 UTC


Topic revision: r1 - 2020-02-27 - TWikiGuest
 