ET EXPLOIT_KIT Possible Sweet Orange redirection 19 September 2014

SID: 2019352Rev: 319 viewsHistory

Sourceet/open

CreatedOctober 3, 2014

UpdatedJuly 26, 2019

Classificationexploit-kit

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Possible Sweet Orange redirection 19 September 2014"; flow:to_client,established; file_data; content:"var ajax_data_source"; within:20; pcre:"/^\s*?=\s*?[\x22\x27](?!687474703a2f)[^\x22\x27]{0,10}6[^\x22\x27]{0,10}8[^\x22\x27]{0,10}7[^\x22\x27]{0,10}4[^\x22\x27]{0,10}7[^\x22\x27]{0,10}4[^\x22\x27]{0,10}7[^\x22\x27]{0,10}0[^\x22\x27]{0,10}3[^\x22\x27]{0,10}a[^\x22\x27]{0,10}2[^\x22\x27]{0,10}f/Ri"; flowbits:set,et.exploitkitlanding; reference:url,malware-traffic-analysis.net/2014/10/03/index.html; classtype:exploit-kit; sid:2019352; rev:3; metadata:created_at 2014_10_03, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

References

url	malware-traffic-analysis.net/2014/10/03/index.html

Metadata

created at2014_10_03

confidenceMedium

signature severityMajor

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!