ET EXPLOIT_KIT DRIVEBY SPL - Java Exploit Requested .jar Naming Pattern - Suricata Rule 2015604 (et/open)

ET EXPLOIT_KIT DRIVEBY SPL - Java Exploit Requested .jar Naming Pattern

SID: 2015604Rev: 40 views

Sourceet/open

CreatedAugust 10, 2012

UpdatedMarch 3, 2024

Classificationexploit-kit

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT DRIVEBY SPL - Java Exploit Requested .jar Naming Pattern"; flow:established,to_server; http.uri; content:"-a."; content:".jar"; endswith; fast_pattern; pcre:"/\/[a-z]{4,20}-a\.[a-z]{4,20}\.jar$/"; http.user_agent; content:" Java/"; classtype:exploit-kit; sid:2015604; rev:4; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2012_08_10, deployment Perimeter, signature_severity Major, tag DriveBy, updated_at 2024_03_03;)

Metadata

affected productAny

attack targetClient_Endpoint

created at2012_08_10

deploymentPerimeter

signature severityMajor

tagDriveBy

updated at2024_03_03

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!