ET EXPLOIT_KIT Eval With Base64.decode seen in DOL Watering Hole Attack 05/01/13

7.0.35.0SID: 2016807Rev: 9Disabled1 views
Sourceet/open
Fileemerging-exploit_kit.rules
CreatedMay 2, 2013
UpdatedApril 7, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Eval With Base64.decode seen in DOL Watering Hole Attack 05/01/13"; flow:established,to_client; flowbits:set,et.exploitkitlanding; file.data; content:"Base64.decode"; nocase; fast_pattern; content:"eval("; nocase; pcre:"/^[\r\n\s]*?Base64\.decode[\r\n\s]*?\x28[\r\n\s]*?[\x22\x27]/Ri"; content:!"|22|J0RVREFPTkUn|22|"; content:!"|22|J01PQklMRSc|3D 22|"; classtype:trojan-activity; sid:2016807; rev:9; metadata:created_at 2013_05_02, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_07;)

Metadata

created at2013_05_02
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_07

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!