Versions (4)
Version DetailsCurrent
Rev: 2 • Mar 5, 2020, 12:00 PMET EXPLOIT_KIT Magnitude EK JSE
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Magnitude EK JSE"; flow:established,to_client; http.stat_code; content:"200"; http.header; content:"X-UA-Compatible|3a 20|IE=EmulateIE8|0d 0a|"; file_data; content:"|3c 21|DOCTYPE html|3e 3c|html|3e 3c|head|3e 3c|script language|3d 22|JScript.Encode|22 3e 23 40 7e 5e|"; startswith; fast_pattern; pcre:"/^[^<]+\x0d\x0a<\/script>/R"; content:"|3c 2f|head|3e 3c|body|3e 3c 2f|body|3e 3c 2f|html|3e|"; endswith; reference:url,www.malware-traffic-analysis.net/2020/03/02/index.html; classtype:exploit-kit; sid:2029582; rev:2; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2020_03_05, deployment Perimeter, performance_impact Moderate, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_03_24;)
Mar 5, 2020, 12:00 PM
Mar 24, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 19, 2025, 10:35 PM
rules/emerging-exploit_kit.rules