ET EXPLOIT_KIT tdsshop Inject Script M2

SID: 2069948Rev: 18 views
Sourceet/open
Fileemerging-exploit_kit.rules
CreatedJune 15, 2026
UpdatedJune 15, 2026
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT tdsshop Inject Script M2"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"/i.test(navigator.userAgent)"; content:"document|2e|currentScript|2e|src|2e|split|28 22 3f 22 29 5b|0|5d 2e|replace|28 2f 5c 2f|t|5c 2e|js|24 2f 2c 20 22 22 29 3b|"; fast_pattern; distance:0; content:"window.__analyticsUrl"; distance:0; content:"window.__analyticsSite"; distance:0; content:"/ext-b."; distance:0; content:"/ext."; distance:0; reference:url,silentpush.com/blog/drivesurge/; classtype:exploit-kit; sid:2069948; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2026_06_15, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Critical, tag Exploit_Kit, tag TDS, tag compromised_website, tag tdsshop, updated_at 2026_06_15, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1189, mitre_technique_name Drive_by_Compromise; target:src_ip;)

References

urlsilentpush.com/blog/drivesurge/

Metadata

attack targetClient_Endpoint
tls stateTLSDecrypt
created at2026_06_15
deploymentSSLDecrypt
confidenceMedium
signature severityCritical
tagtdsshop
updated at2026_06_15
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1189
mitre technique nameDrive_by_Compromise

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!