ET DELETED Obfuscation Technique Used in CVE-2014-0322 Attacks

SID: 2018179Rev: 60 views
History
Sourceet/open
CreatedFebruary 26, 2014
UpdatedJanuary 19, 2023
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Obfuscation Technique Used in CVE-2014-0322 Attacks"; flow:established,from_server; file_data; content:"|2f|%u([0-9a-fA-F]{1,4}"; nocase; fast_pattern; content:"decode"; nocase; pcre:"/^\s*?\(\s*?key\s*?,\s*?js\s*?/Rsi"; content:"decode"; nocase; pcre:"/^\s*?\(\s*?[^,\s]*?\s*?,\s*?[\x22\x27][a-f0-9]{100}/Rsi"; classtype:trojan-activity; sid:2018179; rev:6; metadata:created_at 2014_02_26, signature_severity Unknown, tag CISA_KEV, updated_at 2023_01_19;)

Metadata

created at2014_02_26
signature severityUnknown
tagCISA_KEV
updated at2023_01_19

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!