Versions (4)
Version DetailsCurrent
Rev: 20 • Dec 19, 2012, 12:00 PMET DELETED CoolEK - Jar - Jun 05 2013
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CoolEK - Jar - Jun 05 2013"; flow:to_server,established; content:".jar"; nocase; fast_pattern:only; http_uri; content:"Java/1."; http_user_agent; pcre:"/Host\x3a[^\r\n]+?\.(pw|us)(\x3a\d{1,5})?\r$/Hmi"; pcre:"/^(\/[a-z]{3,20})?\/([a-z]{3,20}[-_])+[a-z]{3,20}\.jar$/U"; classtype:exploit-kit; sid:2016060; rev:20; metadata:created_at 2012_12_19, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_06_23;)
Dec 19, 2012, 12:00 PM
Jun 23, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 22, 2025, 10:34 PM
rules/emerging-deleted.rules