Versions (2)
Version DetailsCurrent
Rev: 4 • Jun 18, 2015, 12:00 PMET EXPLOIT_KIT KaiXin Secondary Landing Page
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT KaiXin Secondary Landing Page"; flow:to_server,established; http.uri; content:"/win.html"; fast_pattern; pcre:"/\/win\.html$/"; http.header; pcre:"/Referer\x3a\x20http\x3a\x2f+(?P<refhost>[^\x3a\x2f\r\n]+)(?:\x3a\d{1,5})?[^\r\n]*?\/(?:index.html)?\r\n.*?\r\nHost\x3a\x20(?P=refhost)[\x3a\r]/si"; classtype:exploit-kit; sid:2021292; rev:4; metadata:created_at 2015_06_18, signature_severity Major, updated_at 2020_10_01;)
Jun 18, 2015, 12:00 PM
Oct 1, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit_kit.rules