ET EXPLOIT_KIT Nuclear EK Landing Jan 21 2014

SID: 2020236Rev: 30 viewsHistory

Sourceet/open

CreatedJanuary 22, 2015

UpdatedOctober 8, 2019

Classificationexploit-kit

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Nuclear EK Landing Jan 21 2014"; flow:established,from_server; file_data; content:"|3d 20 20 20 20 20 20 20 20 20 20|"; fast_pattern; content:".replace|28|"; content:"<script>"; content:"|3d 20 20 20 20 20 20|"; distance:0; pcre:"/^\s*?[\x22\x27](?P<char>[^\x22\x27]+)[\x22\x27]\.replace\x28\s*?[\x22\x27](?P=char)[\x22\x27]\s*?,/R"; content:"|3d 20 20 20 20 20 20|"; distance:0; pcre:"/^\s*?[\x22\x27](?P<char>[^\x22\x27]+)[\x22\x27]\.replace\x28\s*?[\x22\x27](?P=char)[\x22\x27]\s*?,/R"; classtype:exploit-kit; sid:2020236; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2015_01_22, deployment Perimeter, malware_family Nuclear, confidence Medium, signature_severity Critical, tag Exploit_Kit, tag Nuclear, updated_at 2019_10_08;)

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

attack targetClient_Endpoint

created at2015_01_22

deploymentPerimeter

malware familyNuclear

confidenceMedium

signature severityCritical

tagNuclear

updated at2019_10_08

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!