Versions (2)
Version DetailsCurrent
Rev: 12 • Jan 23, 2015, 12:00 PMET EXPLOIT_KIT DRIVEBY Nuclear EK Exploit Struct Jan 23 2015
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT DRIVEBY Nuclear EK Exploit Struct Jan 23 2015"; flow:established,to_server; urilen:50<>151; http.request_line; content:"GET /"; byte_test:1,>,64,0,relative; byte_test:1,<,91,0,relative; http.uri; pcre:"/^\/[A-Z](?=[A-Za-z]{0,148}\d)[A-Za-z0-9]{49,148}$/"; http.header; content:".htm"; fast_pattern; http.referer; pcre:"/^http\x3a\/\/[^\x2f]+\/[A-Z](?=[a-z0-9]+[A-Z])(?=[A-Z0-9]+[a-z])[A-Za-z0-9]{9,}\.html?$/i"; classtype:exploit-kit; sid:2020300; rev:12; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Any, attack_target Client_Endpoint, created_at 2015_01_23, deployment Perimeter, malware_family Nuclear, confidence High, signature_severity Critical, tag DriveBy, tag Exploit_Kit, tag Nuclear, updated_at 2024_02_27;)
Jan 23, 2015, 12:00 PM
Feb 27, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit_kit.rules