# sid:26256 rev:2 - "EXPLOIT-KIT Cool exploit kit malicious jar download".
# Scope: established server-to-client traffic (flow:to_client,established) from
# $EXTERNAL_NET to $HOME_NET, any port, bound to the http service.
# Detection: one case-sensitive content match in the file_data buffer for the
# literal "MyApplet$MyBufferedImage.class".
# presumably this is a class entry name inside the downloaded JAR, visible to a
# raw content match because archive entry names are stored uncompressed - TODO confirm.
# Triage: no flowbits or file-type condition restricts the match to JAR/ZIP
# downloads, so any HTTP response body carrying this string (a write-up, a rule
# file such as this one) also matches. Confirm a hit from the payload or the
# extracted file before escalating.
# Coverage: a single static name only detects samples that still use it; do not
# read the absence of alerts as the absence of the kit.
# References: the listed CVEs span 2006-2013. NOTE(review): they presumably
# enumerate vulnerabilities attributed to the kit as a whole, not what this one
# match proves was delivered - confirm before using them for patch prioritisation.
# metadata "policy balanced-ips drop" / "policy security-ips drop": presumably
# consumed by rule-management tooling to turn the action into drop under those
# policies - confirm how the deployment maps policies to actions.
# NOTE(review): the leading "00869" looks like an index from the listing this
# rule was copied from, not rule syntax - strip it before loading the rule.
00869 alert tcp $EXTERNAL_NET any -> $HOME_NET any ( msg:"EXPLOIT-KIT Cool exploit kit malicious jar download"; flow:to_client,established; file_data; content:"MyApplet$MyBufferedImage.class"; metadata:policy balanced-ips drop,policy security-ips drop,service http; reference:cve,2006-0003; reference:cve,2010-0188; reference:cve,2011-3402; reference:cve,2012-0507; reference:cve,2012-1889; reference:cve,2012-4681; reference:cve,2012-4792; reference:cve,2012-5076; reference:cve,2013-0422; reference:cve,2013-0431; reference:cve,2013-0634; reference:cve,2013-1493; reference:cve,2013-2423; classtype:trojan-activity; sid:26256; rev:2; service:http; )
# sid:26453 rev:1 - "FILE-OFFICE OpenOffice OLE File Stream Buffer Overflow attempt".
# Scope: established client-to-server traffic (flow:to_server,established) from
# $EXTERNAL_NET to $SMTP_SERVERS, any port, bound to the smtp service.
# Precondition: flowbits:isset,file.ole - the flowbit must already be set on the
# flow. The rule that sets it is not part of this listing; if that setter is
# disabled or missing, this rule can never fire.
# Detection, in cursor order within file_data:
#   1. content: "WordDocument" encoded as UTF-16LE (each character followed by
#      |00|), matched case-insensitively (nocase).
#   2. byte_test:4,>,0x80000000,96,relative,little - reads 4 bytes as a
#      little-endian integer starting 96 bytes after the end of the content
#      match and requires it to be strictly greater than 0x80000000. Such values
#      are negative if a consumer treats the field as a signed 32-bit integer;
#      exactly 0x80000000 does not match.
# NOTE(review): the matched name is 24 bytes, so 24 + 96 lands on byte 120 of
# the structure that starts at the name; presumably that is the stream-size
# field of a 128-byte OLE directory entry - confirm against the compound file
# format specification.
# Visibility: over SMTP, file_data only holds attachment bytes the inspector has
# decoded. presumably encoded attachments are missed when MIME decoding is off
# or the file lies beyond the configured decode depth - verify the SMTP
# inspector settings on sensors that carry this rule.
# metadata "policy balanced-ips drop" / "policy security-ips drop": presumably
# consumed by rule-management tooling to turn the action into drop under those
# policies - confirm how the deployment maps policies to actions.
# NOTE(review): the leading "02112" looks like an index from the listing this
# rule was copied from, not rule syntax - strip it before loading the rule.
02112 alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS any ( msg:"FILE-OFFICE OpenOffice OLE File Stream Buffer Overflow attempt"; flow:to_server,established; flowbits:isset,file.ole; file_data; content:"W|00|o|00|r|00|d|00|D|00|o|00|c|00|u|00|m|00|e|00|n|00|t|00|",nocase; byte_test:4,>,0x80000000,96,relative,little; metadata:policy balanced-ips drop,policy security-ips drop,service smtp; reference:bugtraq,28819; reference:cve,2008-0320; classtype:attempted-user; sid:26453; rev:1; service:smtp; )
END OF CODE