[Emerging-Sigs] request update sig 2015841 rev 2

rmkml rmkml at yahoo.fr
Sat Dec 1 14:04:39 HAST 2012


Hi,

I request an update on this sig:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Unknown Exploit Kit Landing Page"; flow:established,to_server; content:"/Applet.jar"; http_uri; fast_pattern:only; pcre:"/^\/Applet\.jar$/U"; classtype:successful-user; sid:2015841; rev:2;)

-remove pcre
-replace by urilen:11

Regards
Rmkml

http://twitter.com/rmkml
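The change requested above, as an added example that is not part of the original post or the ruleset: a small Python model comparing the rev 2 logic (content plus anchored pcre) with the proposed logic (content plus `urilen:11`) on constructed URIs. It assumes `urilen` is evaluated against the same normalized URI buffer as `http_uri`; the function names and sample URIs are hypothetical, and this models the matching logic only, not the IDS engine.

```python
import re

# Constructed model of the two rule variants; inputs stand in for the
# already-normalized request URI that http_uri / the U pcre flag inspect.
NEEDLE = "/Applet.jar"                       # content:"/Applet.jar"; http_uri;
ANCHORED = re.compile(r"^/Applet\.jar$")     # pcre:"/^\/Applet\.jar$/U";
URILEN = 11                                  # proposed urilen:11;


def matches_rev2(uri: str) -> bool:
    """rev 2: content match followed by the anchored pcre."""
    return NEEDLE in uri and ANCHORED.search(uri) is not None


def matches_proposed(uri: str) -> bool:
    """Proposed: content match plus an exact URI length check.

    The content string is itself 11 bytes, so a URI that contains it and
    is exactly 11 bytes long must be equal to it; no regex is needed.
    """
    return NEEDLE in uri and len(uri) == URILEN


# Constructed sample URIs (not taken from real traffic).
SAMPLE_URIS = [
    "/Applet.jar",        # exact landing-page request
    "/Applet.jar?x=1",    # query string appended
    "/a/Applet.jar",      # nested path
    "/applet.jar",        # 11 bytes, but content is case-sensitive
    "/Applex.jar",        # 11 bytes, different content
    "/Applet.jar2",       # trailing byte
    "/",
]


def compare(uris):
    """Return (uri, rev2_result, proposed_result) for each URI."""
    return [(u, matches_rev2(u), matches_proposed(u)) for u in uris]


if __name__ == "__main__":
    for uri, old, new in compare(SAMPLE_URIS):
        print(f"{uri!r:20} rev2={old!s:5} proposed={new!s:5} agree={old == new}")
```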

