ET EXPLOIT Possible click2play bypass Oct 19 2015 B64 2

SID: 2021987Rev: 20 views
History
Sourceet/open
CreatedOctober 21, 2015
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible click2play bypass Oct 19 2015 B64 2"; flow:established,from_server; file_data; content:"Byb2dyZXNzLWNsYXNz"; pcre:"/^[A-Za-z0-9+/]*?(?:amF2YXgubmFtaW5nLkluaXRpYWxDb250ZXh0|phdmF4Lm5hbWluZy5Jbml0aWFsQ29udGV4d|qYXZheC5uYW1pbmcuSW5pdGlhbENvbnRleH)/R"; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/; classtype:trojan-activity; sid:2021987; rev:2; metadata:created_at 2015_10_21, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

References

urlblog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/

Metadata

created at2015_10_21
confidenceMedium
signature severityMajor
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!