Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Nuclear EK CVE-2013-2551 Sept 17 2014"; flow:established,from_server; file_data; content:"|76 5c 3a 2a 7b 62 65 68 61 76 69 6f 72 3a 75 72 6c 28 23 64 65 66 61 75 6c 74 23 56 4d 4c 29 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d|"; content:"|64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 75 6e 65 73 63 61 70 65 28|"; distance:0; content:"|3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 62 6c 61 63 6b|"; distance:0; classtype:exploit-kit; sid:2019188; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2014_09_17, deployment Perimeter, malware_family Nuclear, confidence High, signature_severity Critical, tag Exploit_Kit, tag Nuclear, tag CISA_KEV, updated_at 2019_07_26;)