Versions (4)
Version DetailsCurrent
Rev: 3 • Jun 11, 2016, 12:00 PMET DELETED Job314/Neutrino Reboot EK Landing June 11 2016
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Job314/Neutrino Reboot EK Landing June 11 2016"; flow:established,from_server; content:"nginx"; http_header; nocase; file_data; content:"d27cdb6e-ae6d-11cf-96b8-444553540000"; content:"bgcolor"; content:"<html>"; pcre:"/^\s*?<body>(?:\s*<\/?[^\s\x2f>]+>\s*)*\s*?<object(?=(?:(?!<\/object>).)*?<param(?=[^>]*?name\s*?=\s*?\x22bgcolor\x22)[^>]*?value=\x22#[a-f0-9]{6}\x22[^>]*?>\s*?\n\s*?<param(?=[^>]*?name\s*?=\s*?\x22allowScriptAccess\x22)[^>]*?value=\x22always\x22[^>]*?>\s*?\n\s*?).{1,1000}?\s<\/object>\s+<\/body>\s+<\/html>\s*$/Rs"; content:" name"; pcre:"/^\s*=\s*(?P<var1>[\x22\x27][a-z]+[\x22\x27]).+?\sid\s*=\s*(?P=var1)/Rs"; content:"allowScriptAccess"; fast_pattern:only; flowbits:set,ET.Neutrino; classtype:exploit-kit; sid:2025044; rev:3; metadata:created_at 2016_06_11, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Jun 11, 2016, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 21, 2025, 10:35 PM
rules/emerging-deleted.rules