Versions (2)
Version DetailsCurrent
Rev: 5 • Apr 23, 2015, 12:00 PMET EXPLOIT_KIT Nuclear EK Landing Apr 22 2015
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Nuclear EK Landing Apr 22 2015"; flow:established,to_client; http.server; content:"nginx"; file.data; content:"|0d 0a|<textarea "; fast_pattern; content:!">"; within:21; content:!"</textarea>"; within:500; content:!"|0d|"; within:500; pcre:"/^\s*[^>]*?[a-zA-Z]+\s*?=\s*?[\x22\x27](?=[a-z]{0,20}[A-Z])(?=[A-Z]{0,20}[a-z])[A-Za-z]{15,21}[\x22\x27][^>]*?>(?=[A-Za-z_]{0,200}[0-9])(?=[0-9a-z_]{0,200}[A-Z])(?=[0-9A-Z_]{0,200}[a-z])[A-Za-z0-9_]{200}/R"; classtype:exploit-kit; sid:2020975; rev:5; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2015_04_23, deployment Perimeter, malware_family Nuclear, confidence High, signature_severity Critical, tag Exploit_Kit, tag Nuclear, updated_at 2024_02_23;)
Apr 23, 2015, 12:00 PM
Feb 23, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit_kit.rules