ET EXPLOIT_KIT RedKit/Sakura/CritX/SafePack/FlashPack applet + obfuscated URL Apr 10 2013

7.0.35.0SID: 2016751Rev: 11Enabled1 views
Sourceet/open
Fileemerging-exploit_kit.rules
CreatedApril 12, 2013
UpdatedMarch 13, 2024
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT RedKit/Sakura/CritX/SafePack/FlashPack applet + obfuscated URL Apr 10 2013"; flow:established,to_client; file.data; content:"<applet"; nocase; pcre:"/^((?!(?i:<\/applet>)).)+?(?i:value)[\r\n\s]*=[\r\n\s]*\x5c?[\x22\x27](?!http\x3a\/\/)(?P<h>[^\x22\x27])(?P<t>(?!(?P=h))[^\x22\x27])(?P=t)[^\x22\x27]{2}(?P<slash>(?!((?P=h)|(?P=t)))[^\x22\x27])(?P=slash)[^\x22\x27]+(?P=slash)/Rs"; classtype:exploit-kit; sid:2016751; rev:11; metadata:created_at 2013_04_12, signature_severity Major, updated_at 2024_03_13, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)

Metadata

created at2013_04_12
signature severityMajor
updated at2024_03_13
mitre tactic idTA0005
mitre tactic nameDefense_Evasion
mitre technique idT1027
mitre technique nameObfuscated_Files_or_Information

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!