Versions (3)
Version DetailsCurrent
Rev: 3 • Jun 16, 2012, 12:00 PMET DELETED Blackhole obfuscated Java EXE Download by Vulnerable Version - Likely Driveby
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Blackhole obfuscated Java EXE Download by Vulnerable Version - Likely Driveby"; flowbits:isset,ET.http.javaclient.vulnerable; flow:established,to_client; content:"|0d 0a 9c 62 d8 66 66 66 66 54|"; classtype:trojan-activity; sid:2014909; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Any, attack_target Client_Endpoint, created_at 2012_06_16, deployment Perimeter, malware_family Blackhole, signature_severity Critical, tag DriveBy, tag Blackhole, tag Exploit_Kit, updated_at 2019_07_26, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)
Jun 16, 2012, 12:00 PM
Jul 26, 2019, 12:00 PM
Jun 16, 2012, 12:00 PM
Jun 23, 2024, 12:01 PM
rules/emerging-deleted.rules