Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 12 2016"; flow:established,from_server; file_data; content:"|3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 2d 31|"; pcre:"/^\d{3}px\x3b\swidth\x3a3\d{2}px\x3b\sheight\x3a3\d{2}px\x3b\x22>[^<>]*?<iframe src=[\x22\x27][^\x22\x27]+[\x22\x27]\swidth=[\x22\x27]2\d{2}[\x22\x27]\sheight=[\x22\x27]2\d{2}[\x22\x27]><\/iframe>[^<>]*?\n[^<>]*?<\/span>/Rsi"; classtype:exploit-kit; sid:2022962; rev:4; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2016_07_12, deployment Perimeter, malware_family PsuedoDarkLeech, confidence High, signature_severity Major, updated_at 2019_09_27;)