ET EXPLOIT_KIT Safe/CritX/FlashPack EK Secondary Landing

7.0.35.0SID: 2018573Rev: 4Disabled3 views
Sourceet/open
Fileemerging-exploit_kit.rules
CreatedJune 17, 2014
UpdatedMarch 13, 2024
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Safe/CritX/FlashPack EK Secondary Landing"; flow:established,to_client; file.data; content:".getVersion"; pcre:"/^\s*?\(\s*?[\x22\x27]Java[\x22\x27]/Rsi"; content:"621"; distance:0; pcre:"/^\W.{0,50}<\s*?=\s*?645\W[^{]*?{[^\}]*?\(\s*?document\s*?\)\s*?\[\s*?[\x22\x27]body[\x22\x27]\s*?\]\[\s*?[\x22\x27]appendChild[\x22\x27]\s*?\]/Rsi"; content:"700"; pcre:"/^\W.{0,50}<\s*?725\W/Rsi"; content:".getVersion"; pcre:"/^\s*?\(\s*?[\x22\x27]Flash[\x22\x27]/Rsi"; classtype:exploit-kit; sid:2018573; rev:4; metadata:created_at 2014_06_17, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_13;)

Metadata

created at2014_06_17
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_13

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!