Rule History

SID: 2016942 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 6 • May 29, 2013, 12:00 PM

Message:

ET EXPLOIT_KIT Sakura - Landing Page - Received May 29 2013

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Sakura - Landing Page - Received May 29 2013"; flow:established,to_client; file_data; content:"<div id"; nocase; pcre:"/^[\r\n\s\+]*?=[\r\n\s\+]*?[\x22\x27][^\x22\x27]+?[\x22\x27][^>]*?>((?P<hex>%[A-Fa-f0-9]{2})|(?P<ascii>[a-zA-Z0-9]))((?P=hex){9,20}|(?P=ascii){9,20})%3C/R"; content:"{version:|22|0.8.0|22|"; distance:0; nocase; classtype:exploit-kit; sid:2016942; rev:6; metadata:created_at 2013_05_29, signature_severity Major, updated_at 2019_07_26;)

Created:

May 29, 2013, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-exploit_kit.rules