Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M7"; flow:established,to_client; http.stat_code; content:"200"; file.data; content:"let"; fast_pattern; pcre:"/^\s*(?P<counter>[\w\-]{1,20})\s*=\s*\d+\s*\x3b\s*(?P=counter)\s*<\s*(0x[a-f0-9]{3,12}|\d{4,12})\s*\x3b\s*(?P=counter)\+{2}\s*\).{1,100}\x7d/Rsi"; classtype:unknown; sid:2058058; rev:1; metadata:created_at 2024_11_23, confidence Medium, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_12_04, former_sid 2859131;)