Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0a0a0a0a"; flow:established,to_client; file.data; content:"|5C 5C|x0a|5C 5C|x0a|5C 5C|x0a|5C 5C|x0a"; nocase; fast_pattern; threshold:type limit,count 1,seconds 300,track by_src; reference:url,www.darkreading.com/security/vulnerabilities/221901428/index.html; classtype:shellcode-detect; sid:2013274; rev:4; metadata:created_at 2011_07_14, confidence High, signature_severity Major, updated_at 2025_02_04, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)