ET EXPLOIT_KIT Possible Sweet Orange redirection Nov 4 2014

SID: 2019642Rev: 319 viewsHistory

Sourceet/open

CreatedNovember 4, 2014

UpdatedMarch 17, 2022

Classificationexploit-kit

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Possible Sweet Orange redirection Nov 4 2014"; flow:established,from_server; file_data; content:"var main_request_data_content"; within:29; fast_pattern; pcre:"/^\s*?=\s*?[\x22\x27](?!687474703a2f)[^\x22\x27]{0,10}6[^\x22\x27]{0,10}8[^\x22\x27]{0,10}7[^\x22\x27]{0,10}4[^\x22\x27]{0,10}7[^\x22\x27]{0,10}4[^\x22\x27]{0,10}7[^\x22\x27]{0,10}0[^\x22\x27]{0,10}3[^\x22\x27]{0,10}a[^\x22\x27]{0,10}2[^\x22\x27]{0,10}f/Ri"; flowbits:set,et.exploitkitlanding; reference:url,malware-traffic-analysis.net/2014/10/27/index2.html; classtype:exploit-kit; sid:2019642; rev:3; metadata:created_at 2014_11_04, confidence Medium, signature_severity Major, updated_at 2022_03_17;)

References

url	malware-traffic-analysis.net/2014/10/27/index2.html

Metadata

created at2014_11_04

confidenceMedium

signature severityMajor

updated at2022_03_17

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!