ET DELETED Possible g01pack Exploit Pack Malicious JAR File Request

SID: 2012807Rev: 40 views
History
Sourceet/open
CreatedMay 15, 2011
UpdatedJuly 26, 2019
Classificationexploit-kit
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Possible g01pack Exploit Pack Malicious JAR File Request"; flow:established,to_server; content:".jar"; http_uri; fast_pattern; content:"User-Agent|3a|"; nocase; http_header; content:"Java/"; within:200; http_header; pcre:"/\/[0-9a-f]{32}\.jar$/U"; reference:url,blog.tllod.com/2010/11/03/statistics-dont-lie-or-do-they/; reference:url,community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx; classtype:exploit-kit; sid:2012807; rev:4; metadata:created_at 2011_05_15, signature_severity Unknown, updated_at 2019_07_26;)

References

urlblog.tllod.com/2010/11/03/statistics-dont-lie-or-do-they/
urlcommunity.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx

Metadata

created at2011_05_15
signature severityUnknown
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!