ET HUNTING suspicious - gzipped file via JAVA - could be pack200-ed JAR - Suricata Rule 2017910 (et/open)

ET HUNTING suspicious - gzipped file via JAVA - could be pack200-ed JAR

SID: 2017910Rev: 326 viewsHistory

Sourceet/open

CreatedDecember 30, 2013

UpdatedJuly 26, 2019

Classificationtrojan-activity

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING suspicious - gzipped file via JAVA - could be pack200-ed JAR"; flow:established,from_server; flowbits:isset,ET.http.javaclient; file_data; content:"|1f 8b 08 00|"; depth:4; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017910; rev:3; metadata:created_at 2013_12_30, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

Metadata

created at2013_12_30

confidenceMedium

signature severityMajor

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!