ET EXPLOIT_KIT Safe/CritX/FlashPack EK Secondary Landing

SID: 2018573Rev: 30 views
History
Sourceet/open
CreatedJune 17, 2014
UpdatedJuly 26, 2019
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Safe/CritX/FlashPack EK Secondary Landing"; flow:established,to_client; file_data; content:".getVersion"; pcre:"/^\s*?\(\s*?[\x22\x27]Java[\x22\x27]/Rsi"; content:"621"; distance:0; pcre:"/^\W.{0,50}<\s*?=\s*?645\W[^{]*?{[^\}]*?\(\s*?document\s*?\)\s*?\[\s*?[\x22\x27]body[\x22\x27]\s*?\]\[\s*?[\x22\x27]appendChild[\x22\x27]\s*?\]/Rsi"; content:"700"; pcre:"/^\W.{0,50}<\s*?725\W/Rsi"; content:".getVersion"; pcre:"/^\s*?\(\s*?[\x22\x27]Flash[\x22\x27]/Rsi"; classtype:exploit-kit; sid:2018573; rev:3; metadata:created_at 2014_06_17, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

Metadata

created at2014_06_17
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!