Rule History

SID: 2019612 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 8 • Oct 31, 2014, 12:00 PM

Message:

ET EXPLOIT_KIT Fiesta Flash Exploit URI Struct

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Fiesta Flash Exploit URI Struct"; flow:established,to_server; urilen:>68; http.uri; content:"|3b|1"; offset:60; content:"|3b|"; distance:5; within:1; content:!"="; content:!"&"; pcre:"/\/\??[a-f0-9]{60,}\x3b1\d{5}\x3b\d{1,3}$/"; classtype:exploit-kit; sid:2019612; rev:8; metadata:created_at 2014_10_31, signature_severity Major, updated_at 2020_05_13;)

Created:

Oct 31, 2014, 12:00 PM

Updated:

May 13, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-exploit_kit.rules