ET EXPLOIT_KIT Possible HanJuan EK URI Struct Actor Specific
Sourceet/open
Fileemerging-exploit_kit.rules
CreatedNovember 7, 2014
UpdatedMarch 16, 2024
Classificationexploit-kit
alert http $HOME_NET any -> [216.157.99.0/24,72.51.32.0/20,76.74.152.0/21] any (msg:"ET EXPLOIT_KIT Possible HanJuan EK URI Struct Actor Specific"; flow:established,to_server ; http.uri; content:"?zho="; fast_pattern; pcre:"/\/(?:[a-z0-9]{1,7}\.php)?\?zho=/" ; classtype:exploit-kit; sid:2019673; rev:3; metadata:created_at 2014_11_07, confidence Medium, signature_severity Major, updated_at 2024_03_16;)
Metadata
created at2014_11_07
confidenceMedium
signature severityMajor
updated at2024_03_16
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!