Versions (3)
Version DetailsCurrent
Rev: 3 • Nov 24, 2010, 12:00 PMET EXPLOIT PDF served from /tmp/ could be Phoenix Exploit Kit
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT PDF served from /tmp/ could be Phoenix Exploit Kit"; flow:established,to_server; content:"/tmp/"; http_uri; content:".pdf"; http_uri; pcre:"/\/tmp\/[^\/]+\.pdf$/U"; classtype:exploit-kit; sid:2011972; rev:3; metadata:created_at 2010_11_24, signature_severity Major, updated_at 2019_07_26;)
Nov 24, 2010, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules