ET DELETED Possible Neutrino EK Posting Plugin-Detect Data May 15 2013

SID: 2016853Rev: 160 views
History
Sourceet/open
CreatedMay 16, 2013
UpdatedAugust 20, 2020
Classificationexploit-kit
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Possible Neutrino EK Posting Plugin-Detect Data May 15 2013"; flow:established,to_server; content:"POST"; nocase; http_method; pcre:"/^\/[a-z][a-z0-9]+$/U"; content:"XMLHttpRequest"; nocase; http_header; fast_pattern:only; pcre:"/^Referer\x3a[^\r\n]+[?&][a-z]+=\d+\r$/Hmi"; content:"=%25"; http_client_body; pcre:"/=%25[0-9A-F]{2}%25[0-9A-F]{2}/P"; flowbits:set,et.exploitkitlanding; classtype:exploit-kit; sid:2016853; rev:16; metadata:created_at 2013_05_16, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_20;)

Metadata

created at2013_05_16
signature severityUnknown
tagDescription_Generated_By_Proofpoint_Nexus
updated at2020_08_20

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!