Rule History

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Unknown Malvertising Related EK Landing Oct 14 2013"; flow:established,from_server; content:"(2)!=7"; fast_pattern:only; content:"(7)==0"; content:"(6)==1"; content:"javafx_version"; content:"jnlp_href"; content:".getVersion("; pcre:"/^[\r\n\s]*?[\x22\x27]Java[\x22\x27]/R"; content:"document.write("; pcre:"/^[\r\n\s]*?[\x22\x27]<applet/R"; content:"document.write("; pcre:"/^[\r\n\s]*?[\x22\x27]<applet/R"; reference:url,www.malwaresigs.com/2013/10/14/unknown-ek/; classtype:exploit-kit; sid:2017591; rev:2; metadata:created_at 2013_10_15, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)