ET DELETED Blackhole obfuscated Java EXE Download by Vulnerable Version - Likely Driveby - Suricata Rule 2014909 (et/open)

ET DELETED Blackhole obfuscated Java EXE Download by Vulnerable Version - Likely Driveby

SID: 2014909Rev: 352 viewsHistory

Sourceet/open

CreatedJune 16, 2012

UpdatedJuly 26, 2019

Classificationtrojan-activity

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Blackhole obfuscated Java EXE Download by Vulnerable Version - Likely Driveby"; flowbits:isset,ET.http.javaclient.vulnerable; flow:established,to_client; content:"|0d 0a 9c 62 d8 66 66 66 66 54|"; classtype:trojan-activity; sid:2014909; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Any, attack_target Client_Endpoint, created_at 2012_06_16, deployment Perimeter, malware_family Blackhole, signature_severity Critical, tag DriveBy, tag Blackhole, tag Exploit_Kit, updated_at 2019_07_26, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)

Metadata

affected productAny

attack targetClient_Endpoint

created at2012_06_16

deploymentPerimeter

malware familyBlackhole

signature severityCritical

tagExploit_Kit

updated at2019_07_26

mitre tactic idTA0005

mitre tactic nameDefense_Evasion

mitre technique idT1027

mitre technique nameObfuscated_Files_or_Information

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!