splApache-2.0from splunk/security_content

Cisco Secure Firewall - Oracle E-Business Suite Exploitation

This analytic detects vulnerability exploitation and post-compromise activity associated with Oracle E-Business Suite web-application vulnerabilities, CVE-2025-61882 and CVE-2025-61884. SIDs 65413-65415 detect detect Java.Backdoor.Cl0p variant payload downloads and Java.Backdoor.Cl0p outbound command-and-control connection attempts. SIDs 65456, 65377 and 65378 detect attempts to exploit these vulnerabilities. Security teams should investigate any instances of these signatures, especially if they are found in conjunction with other suspicious network activity or on systems that should not be exposed to such threats.

Quality

FP risk

—

Forks

Views

Rule source🔒 locked

title: ████████████████████████
id: ████████-████-████-████-████████████
status: ██████████
description: ██████████████████████████████████████████
             ████████████████████████████████████████
author: ████████
tags:
  - attack.████
  - attack.████
logsource:
  product: ████████
  category: ████████████
detection:
  selection:
    Image|endswith: '████████████████'
    CommandLine|contains:
      - '████████████████████████'
      - '████████████████████████'
      - '██████████████████'
  condition: selection
level: ████████
falsepositives:
  - ████████████████████

🔒

Sign in to view the rule source

Free accounts can view the source for the top-ranked rules. Create one in seconds — no credit card required.