ET EXPLOIT_KIT Cool/BHEK/Goon Applet with Alpha-Numeric Encoded HTML entity

SID: 2017064
Rev: 19
Source: et/open
Created: June 25, 2013
Updated: September 11, 2023
Classification: exploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Cool/BHEK/Goon Applet with Alpha-Numeric Encoded HTML entity"; flow:established,to_client; flowbits:set,et.exploitkitlanding; file_data; content:"<applet"; nocase; pcre:"/^(?:(?!<\/applet>).)+?&#(?:0*?(?:1(?:[0-1]\d|2[0-2])|[78][0-9]|9[07-9]|4[8-9]|5[0-7]|6[5-9])|x0*?(?:[46][1-9A-F]|[57][0-9A]|3[0-9]))(?:\x3b|&#)/Rsi"; content:!"|2e|replace|28 2f 3c|applet|2e 2f|gi|2c 22 22 29|"; classtype:exploit-kit; sid:2017064; rev:19; metadata:created_at 2013_06_25, deprecation_reason Age, performance_impact Significant, signature_severity Major, updated_at 2023_09_11, reviewed_at 2023_09_11;)

Metadata

created at: 2013_06_25
deprecation reason: Age
performance impact: Significant
signature severity: Major
updated at: 2023_09_11
reviewed at: 2023_09_11
