ET HUNTING Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a
Sourceet/open
CreatedJuly 14, 2011
UpdatedFebruary 4, 2025
Classificationshellcode-detect
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a"; flow:established,to_client; file.data; content:"|5C|x0a|5C|x0a|5C|x0a|5C|x0a"; nocase; threshold:type limit,count 1,seconds 300,track by_src; reference:url,www.darkreading.com/security/vulnerabilities/221901428/index.html; classtype:shellcode-detect; sid:2013267; rev:7; metadata:created_at 2011_07_14, confidence Medium, signature_severity Minor, updated_at 2025_02_04, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)
Metadata
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!