Versions (2)
Version DetailsCurrent
Rev: 2 • Nov 18, 2021, 12:00 PMET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M5
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M5"; flow:established,to_client; http.stat_code; content:"200"; file.data; content:"function"; fast_pattern; content:"let"; pcre:"/^\s*(?P<count_var>[\w\-]{1,20})\s*=\s*(0x[a-f0-9]{3,12}|\d{4,12}).{1,500}function\s*(?P<jit_func>[\w\-]{1,30})\(.{1,500}for\s*\(let\s*(?P<counter>[\w\-]{1,20})\s*=\s*\d+\s*\x3b\s*(?P=counter)\s*<\s*(?P=count_var)\s*\x3b\s*(?P=counter)\+{2}\s*\).{1,100}(?P=jit_func)\(/Rs"; classtype:unknown; sid:2058055; rev:2; metadata:created_at 2021_11_18, confidence Medium, signature_severity Major, tag possible_exploitation, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_12_04, former_sid 2850492;)
Nov 18, 2021, 12:00 PM
Dec 4, 2024, 12:00 PM
Dec 6, 2024, 12:34 AM
Jul 7, 2025, 9:34 PM
rules/emerging-hunting.rules