ET EXPLOIT_KIT Driveby Exploit Kit Browser Progress Checkin - Binary Likely Previously Downloaded - Suricata Rule 2013098 (et/open)

ET EXPLOIT_KIT Driveby Exploit Kit Browser Progress Checkin - Binary Likely Previously Downloaded

SID: 2013098Rev: 40 viewsHistory

Sourceet/open

CreatedJune 22, 2011

UpdatedFebruary 6, 2024

Classificationexploit-kit

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Driveby Exploit Kit Browser Progress Checkin - Binary Likely Previously Downloaded"; flow:established,to_server; urilen:>70; http.uri; content:"/?"; content:"|3b|"; distance:64; within:1; content:"|3b|"; distance:1; within:1; isdataat:!2,relative; pcre:"/\/\?[a-f0-9]{64}\;\d\;\d$/"; http.user_agent; content:!"Java/"; classtype:exploit-kit; sid:2013098; rev:4; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2011_06_22, deployment Perimeter, confidence Medium, signature_severity Major, tag DriveBy, updated_at 2024_02_06;)

Metadata

affected productAny

attack targetClient_Endpoint

created at2011_06_22

deploymentPerimeter

confidenceMedium

signature severityMajor

tagDriveBy

updated at2024_02_06

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!