Versions (8)
Version DetailsCurrent
Rev: 2 • Aug 17, 2022, 12:00 PMET EXPLOIT_KIT Parrot TDS Malicious Response
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Parrot TDS Malicious Response"; flow:established,to_client; content:"var|20|ndsx|20 3d 20|true|3b|"; fast_pattern; content:"|28|function|28 29 7b|"; distance:0; content:!"var|20|date|3d|new|20|Date|28|new|20|Date|28 29 2e|getTime|28 29|"; distance:0; content:!"document|2e|cookie|3d 22 5f 5f 5f|utma|3d|"; distance:0; reference:url,decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions; classtype:trojan-activity; sid:2038552; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_08_17, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag TDS, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_03, reviewed_at 2024_12_24;)
Aug 17, 2022, 12:00 PM
Apr 3, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 1, 2025, 8:35 PM
rules/emerging-exploit_kit.rules