Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Chrome V8 Shellcode Inject Attempt"; flow:established,to_client; http.response_body; content:"var|20|tDerivedNCount|20 3d 20|17|20 2a 20|87481|20 2d 20|8|3b|"; fast_pattern; content:"var|20|tDerivedNDepth|20 3d 20|19|20 2a 20|19|3b|"; distance:0; content:"function|20|cb|28|flag|29|"; distance:0; classtype:attempted-admin; sid:2065595; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_10_30, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_10_30, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1189, mitre_technique_name Drive_by_Compromise; target:dest_ip;)