Versions (2)
Version DetailsCurrent
Rev: 6 • Jun 22, 2012, 12:00 PMET DELETED Blackhole RawValue Exploit PDF
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Blackhole RawValue Exploit PDF"; flow:established,to_client; file_data; content:"%PDF-"; depth:5; content:"|2E|rawValue|5D 5B|0|5D 2E|split|28 27 2D 27 29 3B 26 23|"; distance:0; reference:cve,2010-0188; classtype:trojan-activity; sid:2014940; rev:6; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2012_06_22, deployment Perimeter, malware_family Blackhole, signature_severity Critical, tag Blackhole, tag Exploit_Kit, updated_at 2020_08_20;)
Jun 22, 2012, 12:00 PM
Aug 20, 2020, 12:00 PM
Jun 22, 2012, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-deleted.rules