ET DELETED Blackhole Exploit Kit Landing Page Try Renamed Prototype Catch - June 28th 2012 - Suricata Rule 2014981 (et/open)

ET DELETED Blackhole Exploit Kit Landing Page Try Renamed Prototype Catch - June 28th 2012

SID: 2014981Rev: 90 viewsHistory

Sourceet/open

CreatedJune 28, 2012

UpdatedJune 23, 2021

Classificationexploit-kit

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Blackhole Exploit Kit Landing Page Try Renamed Prototype Catch - June 28th 2012"; flow:established,to_client; file_data; content:"try {"; content:"=prototype|2d|"; within:80; content:"} catch"; within:80; reference:url,research.zscaler.com/2012/06/cleartripcom-infected-with-blackhole.html; classtype:exploit-kit; sid:2014981; rev:9; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2012_06_28, deployment Perimeter, malware_family Blackhole, signature_severity Critical, tag Blackhole, tag Exploit_Kit, updated_at 2021_06_23;)

References

url	research.zscaler.com/2012/06/cleartripcom-infected-with-blackhole.html

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

attack targetClient_Endpoint

created at2012_06_28

deploymentPerimeter

malware familyBlackhole

signature severityCritical

tagExploit_Kit

updated at2021_06_23

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!