Rule History

SID: 2017973 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 9 • Jan 16, 2014, 12:00 PM

Message:

ET EXPLOIT_KIT Nuclear EK CVE-2013-3918

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Nuclear EK CVE-2013-3918"; flow:established,from_server; file_data; content:"19916E01-B44E-4E31-94A4-4696DF46157B"; nocase; content:"Array"; nocase; distance:0; content:"|22|"; nocase; within:500; content:!"|22|"; within:500; pcre:"/^[a-z0-9]{1,500}?(?P<s>[a-z0-9]{2})(?P<t>(?!(?P=s))[a-z0-9]{2})(?P<r>(?!(?:(?P=s)|(?P=t)))[a-z0-9]{2})(?P=t)(?P<o>(?!(?:(?P=s)|(?P=t)|(?P=r)))[a-z0-9]{2})(?P<b>(?!(?:(?P=s)|(?P=t)|(?P=r)|(?P=o)))[a-z0-9]{2})(?P<y>(?!(?:(?P=s)|(?P=t)|(?P=r)|(?P=o)|(?P=b)))[a-z0-9]{2})(?P=t)(?:(?!(?:(?P=s)|(?P=t)|(?P=r)))[a-z0-9]{4})(?P=s)(?P=t)(?P=r)/Rs"; flowbits:set,et.exploitkitlanding; classtype:exploit-kit; sid:2017973; rev:9; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2014_01_16, deployment Perimeter, malware_family Nuclear, confidence High, signature_severity Critical, tag Exploit_Kit, tag Nuclear, updated_at 2019_07_26;)

Created:

Jan 16, 2014, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-exploit_kit.rules