alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible CVE-2014-4113 Exploit Download"; flow:to_client,established; file_data; content:"MZ"; within:2; byte_jump:4,58,relative,little; content:"PE|00 00|"; distance:-64; within:4; content:"|fb ff ff ff|"; content:"|0b 00 00 00 01 00 00 00|"; content:"|25 00 00 00 01 00 00 00|"; content:"|8b 00 00 00 01 00 00 00|"; fast_pattern; reference:url,blog.crowdstrike.com/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-exploit-cve-2014-4113-hurricane-panda/; reference:cve,2014-4141; classtype:attempted-user; sid:2019420; rev:3; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, deployment Perimeter, tag Web_Client_Attacks, signature_severity Major, created_at 2014_10_15, updated_at 2016_07_01;)

Added 2017-08-07 21:13:40 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible CVE-2014-4113 Exploit Download"; flow:to_client,established; file_data; content:"MZ"; within:2; byte_jump:4,58,relative,little; content:"PE|00 00|"; distance:-64; within:4; content:"|fb ff ff ff|"; content:"|0b 00 00 00 01 00 00 00|"; content:"|25 00 00 00 01 00 00 00|"; content:"|8b 00 00 00 01 00 00 00|"; fast_pattern; reference:url,blog.crowdstrike.com/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-exploit-cve-2014-4113-hurricane-panda/; reference:cve,2014-4141; classtype:attempted-user; sid:2019420; rev:3;)

Added 2015-07-17 17:00:19 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible CVE-2014-4113 Exploit Download"; flow:to_client,established; file_data; content:"|fb ff ff ff|"; content:"|0b 00 00 00 01 00 00 00|"; content:"|25 00 00 00 01 00 00 00|"; content:"|8b 00 00 00 01 00 00 00|"; fast_pattern; reference:url,blog.crowdstrike.com/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-exploit-cve-2014-4113-hurricane-panda/; reference:cve,2014-4141; classtype:attempted-user; sid:2019420; rev:2;)

Added 2014-10-15 15:03:15 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats