ET EXPLOIT_KIT Sweet Orange applet with obfuscated URL April 01 2013

SID: 2016705Rev: 190 views
History
Sourceet/open
CreatedApril 1, 2013
UpdatedJuly 26, 2019
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Sweet Orange applet with obfuscated URL April 01 2013"; flow:established,from_server; file_data; content:"<applet"; pcre:"/^((?!(?i:<\/applet>)).)+?[\r\n\s]value[\r\n\s]*?=[\r\n\s]*?[\x22\x27]?(\d{2,3})?(?P<sep>([^a-zA-Z0-9]{1,100}|[a-zA-Z0-9]{1,100}))\d{2,3}((?P=sep)\d{2,3}){20}/Rs"; classtype:exploit-kit; sid:2016705; rev:19; metadata:created_at 2013_04_01, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)

Metadata

created at2013_04_01
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_07_26
mitre tactic idTA0005
mitre tactic nameDefense_Evasion
mitre technique idT1027
mitre technique nameObfuscated_Files_or_Information

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!