Rule History

SID: 2022341 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 3 • Jan 8, 2016, 12:00 PM

Message:

ET EXPLOIT_KIT Evil Redirector Leading to EK Jan 6th 2016 M2

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Evil Redirector Leading to EK Jan 6th 2016 M2"; flow:established,to_client; http.content_type; content:"application/javascript|3b|"; startswith; file.data; content:"var iframe"; within:13; pcre:"/^\s*?=\s*?[\x22\x27]<iframe\s*?src\s*?=/R"; content:":-"; pcre:"/^\d{3,}/R"; content:"</iframe>"; pcre:"/^\s*?/Rs"; content:"document.write(iframe)|3b|"; fast_pattern; isdataat:!2,relative; classtype:exploit-kit; sid:2022341; rev:3; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2016_01_08, deployment Perimeter, confidence High, signature_severity Major, tag Redirector, updated_at 2024_02_26;)

Created:

Jan 8, 2016, 12:00 PM

Updated:

Feb 26, 2024, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-exploit_kit.rules