""ET CURRENT_EVENTS CVE-2014-6332 Sep 01 2016 (HFS Actor) M1""
SID: 2023145
Revision: 1
Class Type: trojan-activity
Metadata: affected_product Internet_Explorer, attack_target Client_Endpoint, created_at 2016_09_01, cve CVE_2014_6332, deployment Perimeter, malware_family IEiExploit, performance_impact Low, signature_severity Major, updated_at 2016_09_01
Reference:
-
cve
-
2014-6332
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
-
Value: "|26 63 68 72 77 28 32 31 37 36 29 26 63 68 72 77 28 30 31 29 26|"
-
Value: "|26 63 68 72 77 28 33 32 37 36 37 29|"
-
Value: "|73 65 74 6e 6f 74 73 61 66 65 6d 6f 64 65 28 29|"
-
Value: "|72 75 6e 73 68 65 6c 6c 63 6f 64 65 28 29|"
Within:
PCRE:
Special Options:
-
file_data
-
nocase
-
nocase
-
nocase
-
nocase