Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Possible Magnitude EK (formerly Popads) IE Exploit with IE UA Oct 16 2013"; flow:established,to_server; flowbits:set,et.exploitkitlanding; urilen:66; http.uri; pcre:"/^\/[a-f0-9]{32}\/[a-f0-9]{32}$/i"; http.referer; content:"http|3a|//"; startswith; pcre:"/\/\?[a-f0-9]{32}=\d{1,10}$/R"; http.user_agent; content:" MSIE "; fast_pattern; classtype:exploit-kit; sid:2017613; rev:11; metadata:created_at 2013_10_17, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_03;)