ET EXPLOIT_KIT FlimKit obfuscated hex-encoded jnlp_embedded Aug 08 2013

SID: 2017324
Rev: 3
Source: et/open
Created: August 13, 2013
Updated: October 8, 2019
Classification: exploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT FlimKit obfuscated hex-encoded jnlp_embedded Aug 08 2013"; flow:established,from_server; file_data; content:"fromCh"; pcre:"/(?P<m>[0-9a-f]{2})(?P<sep>[^0-9a-f])(?P<e>(?!(?P=m))[0-9a-f]{2})(?P=sep)([0-9a-f]{2}(?P=sep)){7}(?P=e)(?P=sep)(?P=m)(?P=sep)[0-9a-f]{2}(?P=sep)(?P=e)(?P=sep)(?P<d>(?!(?P=e))[0-9a-f]{2})(?P=sep)(?P=d)(?P=sep)(?P=e)(?P=sep)(?P=d)/R"; content:"<applet"; fast_pattern; flowbits:set,et.exploitkitlanding; classtype:exploit-kit; sid:2017324; rev:3; metadata:created_at 2013_08_13, signature_severity Major, updated_at 2019_10_08, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)

Metadata

created at: 2013_08_13
signature severity: Major
updated at: 2019_10_08
mitre tactic id: TA0005
mitre tactic name: Defense_Evasion
mitre technique id: T1027
mitre technique name: Obfuscated_Files_or_Information
