ET EXPLOIT_KIT probable malicious Glazunov Javascript injection

SID: 2015977Rev: 724 views
History
Sourceet/open
CreatedDecember 4, 2012
UpdatedJuly 26, 2019
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT probable malicious Glazunov Javascript injection"; flow:established,from_server; file_data; content:"(|22|"; distance:0; content:"|22|))|3b|"; distance:52; within:106; content:")|3b|</script></body>"; within:200; fast_pattern; pcre:"/\(\x22[0-9\x3a\x3b\x3c\x3d\x3e\x3fa-k]{50,100}\x22\).{0,200}\)\x3b<\/script><\/body>/s"; flowbits:set,et.exploitkitlanding; classtype:exploit-kit; sid:2015977; rev:7; metadata:created_at 2012_12_04, signature_severity Major, updated_at 2019_07_26;)

Metadata

created at2012_12_04
signature severityMajor
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!