ET EXPLOIT_KIT DRIVEBY Nuclear EK Exploit Struct Jan 23 2015

SID: 2020300Rev: 120 views
History
Sourceet/open
CreatedJanuary 23, 2015
UpdatedFebruary 27, 2024
Classificationexploit-kit
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT DRIVEBY Nuclear EK Exploit Struct Jan 23 2015"; flow:established,to_server; urilen:50<>151; http.request_line; content:"GET /"; byte_test:1,>,64,0,relative; byte_test:1,<,91,0,relative; http.uri; pcre:"/^\/[A-Z](?=[A-Za-z]{0,148}\d)[A-Za-z0-9]{49,148}$/"; http.header; content:".htm"; fast_pattern; http.referer; pcre:"/^http\x3a\/\/[^\x2f]+\/[A-Z](?=[a-z0-9]+[A-Z])(?=[A-Z0-9]+[a-z])[A-Za-z0-9]{9,}\.html?$/i"; classtype:exploit-kit; sid:2020300; rev:12; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Any, attack_target Client_Endpoint, created_at 2015_01_23, deployment Perimeter, malware_family Nuclear, confidence High, signature_severity Critical, tag DriveBy, tag Exploit_Kit, tag Nuclear, updated_at 2024_02_27;)

Metadata

affected productAny
attack targetClient_Endpoint
created at2015_01_23
deploymentPerimeter
malware familyNuclear
confidenceHigh
signature severityCritical
tagNuclear
updated at2024_02_27

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!