ET EXPLOIT_KIT heapSpray in jjencode
Sourceet/open
Fileemerging-exploit_kit.rules
CreatedDecember 10, 2013
UpdatedMarch 13, 2024
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT heapSpray in jjencode"; flow:established,to_client ; file.data; content:".__$+"; pcre:"/^(?P<sep>((?!\.\$\_\$\+).){1,10})\.\$\_\$\+(?P=sep)\.___\+(?P=sep)\.\$\$\$\_\+(?P=sep)\.\$\_\$\_\+\"\\\"\+(?P=sep)\.\_\_\$\+(?P=sep)\.\$\$\_\+(?P=sep)\.\_\_\_\+\"\\\"\+(?P=sep)\.\_\_\$\+(?P=sep)\.\_\$\_\+(?P=sep)\.\_\$\$\+\"\\\"\+(?P=sep)\.\_\_\$\+(?P=sep)\.\$\$\_\+(?P=sep)\.\_\_\_\+\"\\\"\+(?P=sep)\.\_\_\$\+(?P=sep)\.\$\$\_\+(?P=sep)\.\_\$\_\+(?P=sep)\.\$\_\$\_\+\"\\\"\+(?P=sep)\.\_\_\$\+(?P=sep)\.\$\$\$\+(?P=sep)\.\_\_\$/R" ; reference:url,www.invincea.com/2013/12/e-k-i-a-adobe-reader-exploit-cve-2013-3346-kernel-ndproxy-sys-zero-day-eop/ ; classtype:exploit-kit; sid:2017823; rev:4; metadata:created_at 2013_12_10, signature_severity Major, updated_at 2024_03_13;)
References
Metadata
created at2013_12_10
signature severityMajor
updated at2024_03_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!