ET EXPLOIT_KIT Fiesta EK Landing Nov 05 2014
Sourceet/open
Fileemerging-exploit_kit.rules
CreatedNovember 6, 2014
UpdatedMarch 14, 2024
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Fiesta EK Landing Nov 05 2014"; flow:established,to_client ; file.data; content:"=|27|c"; pcre:"/^(?:\x27\s*?\+\s*?\x27)?h(?:\x27\s*?\+\s*?\x27)?a(?:\x27\s*?\+\s*?\x27)?r(?:\x27\s*?\+\s*?\x27)?A(?:\x27\s*?\+\s*?\x27)?/R" ; content:"t|27 3b|return"; within:9; fast_pattern; content:".indexOf"; pcre:"/^\s*?\x28\s*?[a-z0-9]{4,6}\s*?\x28\s*?[a-z0-9]{1,3}\s*?,\s*?[a-z0-9]{1,3}\s*?\x29\s*?\x29\s*?\x3b\s*?(?P<var>[a-z0-9]{1,3})\s*?\x3d\s*?\x28\s*?(?P=var)\s*?\x2b\s*?[a-z0-9]{1,3}\s*?\x29\s*?\x25\s*?[a-z0-9]{1,3}\.length\x3b/R" ; classtype:exploit-kit; sid:2019655; rev:7; metadata:created_at 2014_11_06, confidence High, signature_severity Major, updated_at 2024_03_14;)
Metadata
created at2014_11_06
confidenceHigh
signature severityMajor
updated at2024_03_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!