ET EXPLOIT_KIT XMLDOM Check for Presence Kaspersky AV Observed in RIG EK

SID: 2018756Rev: 20 viewsHistory

Sourceet/open

CreatedJuly 23, 2014

UpdatedJuly 26, 2019

Classificationexploit-kit

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT XMLDOM Check for Presence Kaspersky AV Observed in RIG EK"; flow:from_server,established; file_data; content:"loadXML"; nocase; content:"parseError"; content:"-2147023083"; fast_pattern:only; content:"|5c|kl1.sys"; nocase; pcre:"/^[\x22\x27]/Rs"; reference:url,research.zscaler.com/2014/07/de-obfuscating-dom-based-javascript.html; classtype:exploit-kit; sid:2018756; rev:2; metadata:created_at 2014_07_23, confidence High, signature_severity Major, updated_at 2019_07_26;)

References

url	research.zscaler.com/2014/07/de-obfuscating-dom-based-javascript.html

Metadata

created at2014_07_23

confidenceHigh

signature severityMajor

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!