Versions (3)
Version Details (Current)
Rev: 19 • Apr 17, 2013, 12:00 PM
ET EXPLOIT_KIT GrandSoft PDF Payload Download
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT GrandSoft PDF Payload Download"; flow:established,to_server; flowbits:set,et.exploitkitlanding; http.method; content:"GET"; http.user_agent; content:"http|3a|//"; fast_pattern; startswith; http.start; pcre:"/^GET (?P<uri>(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP\/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P<host>[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; classtype:exploit-kit; sid:2016764; rev:19; metadata:created_at 2013_04_17, signature_severity Major, updated_at 2020_11_05;)
Apr 17, 2013, 12:00 PM
Nov 5, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit_kit.rules