Versions (3)
Version Details (Current)
Rev: 19 • Jun 25, 2013, 12:00 PM
ET EXPLOIT_KIT Cool/BHEK/Goon Applet with Alpha-Numeric Encoded HTML entity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Cool/BHEK/Goon Applet with Alpha-Numeric Encoded HTML entity"; flow:established,to_client; flowbits:set,et.exploitkitlanding; file_data; content:"<applet"; nocase; pcre:"/^(?:(?!<\/applet>).)+?&#(?:0*?(?:1(?:[0-1]\d|2[0-2])|[78][0-9]|9[07-9]|4[8-9]|5[0-7]|6[5-9])|x0*?(?:[46][1-9A-F]|[57][0-9A]|3[0-9]))(?:\x3b|&#)/Rsi"; content:!"|2e|replace|28 2f 3c|applet|2e 2f|gi|2c 22 22 29|"; classtype:exploit-kit; sid:2017064; rev:19; metadata:created_at 2013_06_25, deprecation_reason Age, performance_impact Significant, signature_severity Major, updated_at 2023_09_11, reviewed_at 2023_09_11;)
Jun 25, 2013, 12:00 PM
Sep 11, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit_kit.rules