ET EXPLOIT_KIT Document.write Long Backslash UTF-16 Encoded Content - Exploit Kit Behavior Flowbit Set - Suricata Rule 2014096 (et/open)

ET EXPLOIT_KIT Document.write Long Backslash UTF-16 Encoded Content - Exploit Kit Behavior Flowbit Set

SID: 2014096Rev: 629 viewsHistory

Sourceet/open

CreatedJanuary 4, 2012

UpdatedJuly 26, 2019

Classificationexploit-kit

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT_KIT Document.write Long Backslash UTF-16 Encoded Content - Exploit Kit Behavior Flowbit Set"; flow:established,to_client; content:"document.write|28 22 5C|u"; nocase; isdataat:100,relative; content:!"|29|"; within:100; content:"|5C|u"; nocase; distance:4; within:2; content:"|5C|u"; nocase; distance:4; within:2; content:"|5C|u"; nocase; distance:4; within:2; content:"|5C|u"; nocase; distance:70; content:"|5C|u"; nocase; distance:4; within:2; flowbits:set,et.exploitkitlanding; flowbits:noalert; reference:url,www.kahusecurity.com/2011/elaborate-black-hole-infection/; classtype:exploit-kit; sid:2014096; rev:6; metadata:created_at 2012_01_04, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

url	www.kahusecurity.com/2011/elaborate-black-hole-infection/

Metadata

created at2012_01_04

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!