Rule History

SID: 2014548 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 5 • Apr 12, 2012, 12:00 PM

Message:

ET EXPLOIT_KIT TDS Sutra - cookie set

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT TDS Sutra - cookie set"; flow:established,to_client; http.stat_code; content:!"302"; http.cookie; content:"=_"; content:"_|3b 20|domain="; distance:1; within:10; fast_pattern; pcre:"/^[a-z]{5}[0-9]{1,2}=_[0-9]{1,2}_/"; classtype:exploit-kit; sid:2014548; rev:5; metadata:created_at 2012_04_12, signature_severity Major, tag TDS, updated_at 2020_10_28;)

Created:

Apr 12, 2012, 12:00 PM

Updated:

Oct 28, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-exploit_kit.rules