ET DELETED NeoSploit Exploit Kit Java exploit drive-by host likely infected (nte)

SID: 2010871Rev: 70 viewsHistory

Sourceet/open

CreatedJuly 30, 2010

UpdatedAugust 22, 2019

Classificationexploit-kit

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED NeoSploit Exploit Kit Java exploit drive-by host likely infected (nte)"; flow:established,to_server; content:"/nte/"; http_uri; nocase; content:"|0d 0a|accept-encoding|3a| pack200-gzip,gzip|0d 0a|"; nocase; content:"|0d 0a|content-type|3a| application/x-java-archive|0d 0a|"; nocase; content:!"|0d 0a|Referer|3a| "; nocase; content:"|0d 0a|User-Agent|3a| Mozilla"; nocase; content:" Java/"; nocase; within:50; reference:url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0; classtype:exploit-kit; sid:2010871; rev:7; metadata:created_at 2010_07_30, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_08_22;)

References

url	www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0

Metadata

created at2010_07_30

signature severityUnknown

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_08_22

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!