# sid 2017549, rev 2 -- "ET WEB_CLIENT Fake MS Security Update (Jar)".
# Fires on server-to-client traffic of an established HTTP flow from $EXTERNAL_NET
# to $HOME_NET whose file_data buffer contains both "Microsoft Security Update"
# and "applet_ssv_validated".
# Neither content carries nocase, offset, depth, distance or within, so the two
# strings are not tied to each other by position or order.
# fast_pattern:only is attached to "applet_ssv_validated".
# NOTE(review): Snort 2.x and Suricata treat the "only" argument differently -- confirm
# against the engine that loads this rule.
# flowbits:set,et.exploitkitlanding tags the flow, and with no noalert the rule
# also raises its own alert. Rules that test this bit are not shown on this page.
# This copy has the WEB_CLIENT msg prefix and "metadata: former_category EXPLOIT_KIT",
# yet rev and updated_at match the CURRENT_EVENTS copies listed below it. Tooling that
# keys on sid:rev alone will not see this change.
# NOTE(review): the rule inspects cleartext HTTP only; the same page served over TLS
# is presumably not seen without decryption -- confirm sensor placement.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Fake MS Security Update (Jar)"; flow:established,from_server; file_data; content:"Microsoft Security Update"; content:"applet_ssv_validated"; fast_pattern:only; flowbits:set,et.exploitkitlanding; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2017549; rev:2; metadata:created_at 2013_10_01, updated_at 2013_10_01;)

Added 2019-09-10 20:12:50 UTC


# sid 2017549, rev 2 -- "ET CURRENT_EVENTS Fake MS Security Update (Jar)".
# Direction and scope: HTTP, $EXTERNAL_NET -> $HOME_NET, any ports, established flow,
# server side only (flow:established,from_server).
# Match: file_data must contain "Microsoft Security Update" and "applet_ssv_validated".
# Both are plain content matches with no nocase and no positional modifiers, and
# fast_pattern:only applies to the second string.
# Side effect: flowbits:set,et.exploitkitlanding is set on the flow. There is no noalert,
# so an alert with classtype trojan-activity is generated as well.
# Triage: both strings are ordinary page text, so review the response body before
# treating a hit as confirmed. NOTE(review): false-positive rate is not stated here.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fake MS Security Update (Jar)"; flow:established,from_server; file_data; content:"Microsoft Security Update"; content:"applet_ssv_validated"; fast_pattern:only; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017549; rev:2; metadata:created_at 2013_10_01, updated_at 2013_10_01;)

Added 2018-09-13 19:47:49 UTC


Added 2018-09-13 17:58:05 UTC


# sid 2017549, rev 2 -- "ET CURRENT_EVENTS Fake MS Security Update (Jar)".
# Uses the "http" protocol keyword with "any" source port, so matching does not depend
# on a port list. NOTE(review): it depends on the engine identifying the flow as
# HTTP -- confirm.
# Alerts when the server-to-client file_data buffer holds both content strings, and
# sets the et.exploitkitlanding flowbit on the flow.
# created_at and updated_at are both 2013_10_01.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fake MS Security Update (Jar)"; flow:established,from_server; file_data; content:"Microsoft Security Update"; content:"applet_ssv_validated"; fast_pattern:only; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017549; rev:2; metadata:created_at 2013_10_01, updated_at 2013_10_01;)

Added 2017-08-07 21:11:28 UTC


# sid 2017549, rev 1 -- "ET CURRENT_EVENTS Fake MS Security Update (Jar)".
# Written as a tcp rule whose source port must be in $HTTP_PORTS. Responses served from
# a port outside that variable are not evaluated by this revision.
# Match logic: established flow, from_server, file_data contains
# "Microsoft Security Update" and "applet_ssv_validated" (fast_pattern:only on the latter).
# Sets flowbit et.exploitkitlanding and alerts with classtype trojan-activity.
# This revision carries no metadata keyword.
# NOTE(review): file_data on a tcp rule presumably relies on the engine's HTTP
# normalisation being enabled for these ports -- confirm in the sensor configuration.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fake MS Security Update (Jar)"; flow:established,from_server; file_data; content:"Microsoft Security Update"; content:"applet_ssv_validated"; fast_pattern:only; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017549; rev:1;)

Added 2013-10-01 20:08:24 UTC


Topic revision: r1 - 2019-09-11 - TWikiGuest
 