alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT SUSPICIOUS Java Lang Runtime in Response"; flow:from_server,established; file_data; content:!"|CA FE BA BE|"; within:4; content:"getClass"; nocase; content:"java.lang.Runtime"; nocase; fast_pattern; content:"getRuntime"; nocase; content:"exec"; nocase; content:"script"; nocase; metadata: former_category WEB_CLIENT; classtype:bad-unknown; sid:2018172; rev:3; metadata:created_at 2014_02_25, updated_at 2019_10_07;)

Added 2019-10-09 19:08:52 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT SUSPICIOUS Java Lang Runtime in Response"; flow:from_server,established; file_data; content:!"|CA FE BA BE|"; within:4; content:"getClass"; nocase; content:"java.lang.Runtime"; nocase; fast_pattern:only; content:"getRuntime"; nocase; content:"exec"; nocase; content:"script"; nocase; metadata: former_category EXPLOIT_KIT; classtype:bad-unknown; sid:2018172; rev:2; metadata:created_at 2014_02_25, updated_at 2019_10_07;)

Added 2019-10-07 19:58:42 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT SUSPICIOUS Java Lang Runtime in Response"; flow:from_server,established; file_data; content:!"|CA FE BA BE|"; within:4; content:"getClass"; nocase; content:"java.lang.Runtime"; nocase; fast_pattern:only; content:"getRuntime"; nocase; content:"exec"; nocase; content:"script"; nocase; metadata: former_category EXPLOIT_KIT; classtype:bad-unknown; sid:2018172; rev:2; metadata:created_at 2014_02_25, updated_at 2014_02_25;)

Added 2019-09-10 20:12:50 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Java Lang Runtime in Response"; flow:from_server,established; file_data; content:!"|CA FE BA BE|"; within:4; content:"getClass"; nocase; content:"java.lang.Runtime"; nocase; fast_pattern:only; content:"getRuntime"; nocase; content:"exec"; nocase; content:"script"; nocase; classtype:bad-unknown; sid:2018172; rev:2; metadata:created_at 2014_02_25, updated_at 2014_02_25;)

Added 2018-09-13 19:48:28 UTC


Added 2018-09-13 17:58:28 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Java Lang Runtime in Response"; flow:from_server,established; file_data; content:!"|CA FE BA BE|"; within:4; content:"getClass"; nocase; content:"java.lang.Runtime"; nocase; fast_pattern:only; content:"getRuntime"; nocase; content:"exec"; nocase; content:"script"; nocase; classtype:bad-unknown; sid:2018172; rev:2; metadata:created_at 2014_02_25, updated_at 2014_02_25;)

Added 2017-08-07 21:12:13 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Java Lang Runtime in Response"; flow:from_server,established; file_data; content:!"|CA FE BA BE|"; within:4; content:"getClass"; nocase; content:"java.lang.Runtime"; nocase; fast_pattern:only; content:"getRuntime"; nocase; content:"exec"; nocase; content:"script"; nocase; classtype:bad-unknown; sid:2018172; rev:1;)

Added 2014-02-25 19:42:02 UTC



This topic: Main > 2018172
Topic revision: r1 - 2019-10-09 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats