ET EXPLOIT Neosploit Exploit Pack Activity Observed
Sourceet/open
Fileemerging-exploit.rules
CreatedOctober 2, 2010
UpdatedApril 9, 2024
Classificationattempted-user
alert http1 $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET EXPLOIT Neosploit Exploit Pack Activity Observed"; flow:established,to_server ; http.method; content:"GET"; nocase; http.uri; pcre:"/\.(php|asp|py|exe|htm|html)\/[joewxy](U[0-9a-f]{8})?H[0-9a-f]{8}V[0-9a-f]{8}\d{3}R[0-9a-f]{8}\d{3}T[0-9a-f]{8,}/" ; http.header_names; content:"|0d 0a|User-Agent|0d 0a|"; nocase; content:!"|0d 0a|Referer|0d 0a|"; nocase; reference:url,blog.fireeye.com/research/2010/01/pdf-obfuscation.html ; reference:url,blog.fireeye.com/research/2010/06/neosploit_notes.html ; reference:url,dxp2532.blogspot.com/2007/12/neosploit-exploit-toolkit.html ; classtype:attempted-user; sid:2011583; rev:7; metadata:created_at 2010_10_02, signature_severity Major, updated_at 2024_04_09;)
References
Metadata
created at2010_10_02
signature severityMajor
updated at2024_04_09
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!