ET DELETED NeoSploit Exploit Kit Java exploit drive-by host likely infected (kav)

SID: 2010870Rev: 80 viewsHistory

Sourceet/open

CreatedJuly 30, 2010

UpdatedJune 23, 2021

Classificationexploit-kit

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED NeoSploit Exploit Kit Java exploit drive-by host likely infected (kav)"; flow:established,to_server; content:"/kav"; http_uri; nocase; content:"|0d 0a|accept-encoding|3a| pack200-gzip,gzip|0d 0a|"; nocase; content:"|0d 0a|content-type|3a| application/x-java-archive|0d 0a|"; nocase; content:!"|0d 0a|Referer|3a| "; nocase; content:"|0d 0a|User-Agent|3a| Mozilla"; nocase; content:" Java/"; nocase; within:50; reference:url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0; classtype:exploit-kit; sid:2010870; rev:8; metadata:created_at 2010_07_30, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_06_23;)

References

url	www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0

Metadata

created at2010_07_30

signature severityUnknown

tagDescription_Generated_By_Proofpoint_Nexus

updated at2021_06_23

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!