ET MALWARE Possible click2play bypass Oct 19 2015 as observed in PawnStorm
Sourceet/open
Fileemerging-malware.rules
CreatedOctober 21, 2015
UpdatedMarch 14, 2024
Classificationtargeted-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible click2play bypass Oct 19 2015 as observed in PawnStorm"; flow:established,to_client ; file.data; content:"javax.naming.InitialContext"; fast_pattern; content:"progress-class"; nocase; pcre:"/^\s*?=\s*?[\x22\x27]javax.naming.InitialContext/Rsi"; content:"</jnlp>"; nocase; distance:0; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/ ; classtype:targeted-activity; sid:2021985; rev:5; metadata:created_at 2015_10_21, confidence Medium, signature_severity Major, updated_at 2024_03_14;)
Metadata
created at2015_10_21
confidenceMedium
signature severityMajor
updated at2024_03_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!