Rule History

SID: 2021762 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 4 • Sep 12, 2015, 12:00 PM

Message:

ET EXPLOIT_KIT Spartan EK Secondary Flash Exploit DL

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Spartan EK Secondary Flash Exploit DL"; flow:established,to_client; http.header; content:"|43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 69 6e 6c 69 6e 65 3b 20 66 69 6c 65 6e 61 6d 65 3d 0d 0a|"; fast_pattern; file.data; content:"|3c 74 6f 70 70 69 6e 67 73 3e|"; reference:url,www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=854; classtype:exploit-kit; sid:2021762; rev:4; metadata:created_at 2015_09_12, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_05;)

Created:

Sep 12, 2015, 12:00 PM

Updated:

Mar 5, 2024, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Oct 13, 2025, 9:34 PM

Filename:

rules/emerging-exploit_kit.rules