ET MALWARE GoonEK Jan 21 2013

7.0.35.0SID: 2017993Rev: 11Disabled0 views
Sourceet/open
Fileemerging-malware.rules
CreatedJanuary 22, 2014
UpdatedMarch 13, 2024
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE GoonEK Jan 21 2013"; flow:established,to_client; file.data; content:"#default#VML"; fast_pattern; content:"|5c 5c 3a|"; content:"|5c 5c 3a|"; distance:0; content:".namespaces.add"; nocase; pcre:"/^[\r\n\s]*?\([^\)]*?[\x22\x27]#/Ri"; content:!"default#VML"; within:12; pcre:"/^d(?:[\x22\x27][\r\n\s]*?\+[\r\n\s]*?[\x22\x27])?e(?:[\x22\x27][\r\n\s]*?\+[\r\n\s]*?[\x22\x27])?f(?:[\x22\x27][\r\n\s]*?\+[\r\n\s]*?[\x22\x27])?a(?:[\x22\x27][\r\n\s]*?\+[\r\n\s]*?[\x22\x27])?u(?:[\x22\x27][\r\n\s]*?\+[\r\n\s]*?[\x22\x27])?l(?:[\x22\x27][\r\n\s]*?\+[\r\n\s]*?[\x22\x27])?t(?:[\x22\x27][\r\n\s]*?\+[\r\n\s]*?[\x22\x27])?#(?:[\x22\x27][\r\n\s]*?\+[\r\n\s]*?[\x22\x27])?V(?:[\x22\x27][\r\n\s]*?\+[\r\n\s]*?[\x22\x27])?M(?:[\x22\x27][\r\n\s]*?\+[\r\n\s]*?[\x22\x27])?L[\x22\x27]/Rs"; classtype:exploit-kit; sid:2017993; rev:11; metadata:created_at 2014_01_22, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_13;)

Metadata

created at2014_01_22
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_13

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!