Versions (4)
Version DetailsCurrent
Rev: 3 • Jul 26, 2018, 12:00 PMET EXPLOIT_KIT Underminer EK Flash Exploit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Underminer EK Flash Exploit"; flow:established,to_client; file_data; content:"D27CDB6E-AE6D-11cf-96B8-444553540000"; nocase; fast_pattern; content:"<param"; nocase; pcre:"/^(?=[^>]*? name\s*=\s*[\x22\x27]flashvars)[^>]*? value\s*=\s*[\x22\x27]url=https?\x3a[^\x22\x27]*?\.wasm/Rsi"; classtype:exploit-kit; sid:2025914; rev:3; metadata:affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2018_07_26, deployment Perimeter, confidence High, signature_severity Major, tag Underminer_EK, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Jul 26, 2018, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 29, 2025, 9:34 PM
rules/emerging-exploit_kit.rules