Versions (4)
Version DetailsCurrent
Rev: 6 • Nov 6, 2014, 12:00 PMET EXPLOIT_KIT Fiesta EK Landing Nov 05 2014
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Fiesta EK Landing Nov 05 2014"; flow:from_server,established; file_data; content:"=|27|c"; pcre:"/^(?:\x27\s*?\+\s*?\x27)?h(?:\x27\s*?\+\s*?\x27)?a(?:\x27\s*?\+\s*?\x27)?r(?:\x27\s*?\+\s*?\x27)?A(?:\x27\s*?\+\s*?\x27)?/R"; content:"t|27 3b|return"; within:9; fast_pattern; content:".indexOf"; pcre:"/^\s*?\x28\s*?[a-z0-9]{4,6}\s*?\x28\s*?[a-z0-9]{1,3}\s*?,\s*?[a-z0-9]{1,3}\s*?\x29\s*?\x29\s*?\x3b\s*?(?P<var>[a-z0-9]{1,3})\s*?\x3d\s*?\x28\s*?(?P=var)\s*?\x2b\s*?[a-z0-9]{1,3}\s*?\x29\s*?\x25\s*?[a-z0-9]{1,3}\.length\x3b/R"; classtype:exploit-kit; sid:2019655; rev:6; metadata:created_at 2014_11_06, confidence High, signature_severity Major, updated_at 2019_07_26;)Nov 6, 2014, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit_kit.rules