ET EXPLOIT_KIT CottonCastle/Niteris EK Receiving Payload May 7 2015
Sourceet/open
Fileemerging-exploit_kit.rules
CreatedMay 7, 2015
UpdatedApril 18, 2024
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT CottonCastle/Niteris EK Receiving Payload May 7 2015"; flow:established,to_client ; http.content_type; bsize:22; content:"application/postscript"; fast_pattern; http.header; header_lowercase; content:"cache-control|3a 20|no-cache|2c|no-store|2c|max-age|3d|0|2c|must-revalidate|0d 0a|"; content:"content-disposition|3a 20|inline|3b 20|filename|3d|"; pcre:"/^[a-z]{10}\.[a-z]{3}\r?$/Rm"; classtype:exploit-kit; sid:2021064; rev:6; metadata:created_at 2015_05_07, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_18;)
Metadata
created at2015_05_07
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_18
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!