ET EXPLOIT_KIT Possible Keitaro TDS Redirect
Sourceet/open
Fileemerging-exploit_kit.rules
CreatedJanuary 28, 2016
UpdatedApril 19, 2024
Classificationexploit-kit
alert http1 $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Possible Keitaro TDS Redirect"; flow:established,to_client ; http.stat_code; content:"302"; http.header; content:"LOCATION|3a 20|http"; nocase; content:"Expires|3a 20|Thu, 21 Jul 1977 07|3a|30|3a|00 GMT|0d 0a|" ; fast_pattern; content:"Cache-Control|3a 20|max-age=0|0d 0a|Pragma|3a 20|no-cache|0d 0a|"; pcre:"/Date\x3a\x20(?P<dstring>[^\r\n]+)\r\n.*?Last-Modified\x3a\x20(?P=dstring)\r\n/s"; http.content_type; content:"text/html|3b 20|charset=utf-8"; startswith; endswith; classtype:exploit-kit; sid:2022466; rev:10; metadata:created_at 2016_01_28, confidence Medium, signature_severity Major, tag TDS, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_19;)
Metadata
created at2016_01_28
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_19
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!