ET HUNTING JAR Sent Claiming To Be Text Content - Likely Exploit Kit - Suricata Rule 2018234 (et/open)

ET HUNTING JAR Sent Claiming To Be Text Content - Likely Exploit Kit

SID: 2018234Rev: 411 viewsHistory

Sourceet/open

CreatedMarch 8, 2014

UpdatedApril 24, 2023

Classificationbad-unknown

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING JAR Sent Claiming To Be Text Content - Likely Exploit Kit"; flow:established,to_client; flowbits:isset,ET.http.javaclient; http.content_type; content:"text/"; startswith; file.data; content:"PK"; within:2; content:".class"; fast_pattern; distance:10; within:500; classtype:bad-unknown; sid:2018234; rev:4; metadata:created_at 2014_03_08, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_04_24;)

Metadata

created at2014_03_08

confidenceMedium

signature severityInformational

tagDescription_Generated_By_Proofpoint_Nexus

updated at2023_04_24

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!