ET EXPLOIT_KIT KaiXin Secondary Landing Page
Sourceet/open
Fileemerging-exploit_kit.rules
CreatedJune 18, 2015
UpdatedApril 6, 2024
Classificationexploit-kit
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT KaiXin Secondary Landing Page"; flow:established,to_server ; http.uri; content:"/win.html"; fast_pattern; pcre:"/\/win\.html$/"; http.header; pcre:"/Referer\x3a\x20http\x3a\x2f+(?P<refhost>[^\x3a\x2f\r\n]+)(?:\x3a\d{1,5})?[^\r\n]*?\/(?:index.html)?\r\n.*?\r\nHost\x3a\x20(?P=refhost)[\x3a\r]/si" ; classtype:exploit-kit; sid:2021292; rev:6; metadata:created_at 2015_06_18, signature_severity Major, updated_at 2024_04_06;)
Metadata
created at2015_06_18
signature severityMajor
updated at2024_04_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!