ET EXPLOIT_KIT DRIVEBY [PwC CTD] -- MultiGroup - TH3BUG and Non-Targetted Groups Watering Hole Deobfuscation function - Suricata Rule 2020563 (et/open)

ET EXPLOIT_KIT DRIVEBY [PwC CTD] -- MultiGroup - TH3BUG and Non-Targetted Groups Watering Hole Deobfuscation function

SID: 2020563Rev: 40 views

Sourceet/open

CreatedFebruary 25, 2015

UpdatedSeptember 27, 2019

Classificationexploit-kit

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT DRIVEBY [PwC CTD] -- MultiGroup - TH3BUG and Non-Targetted Groups Watering Hole Deobfuscation function"; flow:established,from_server; file_data; content:"Chr(CInt(ns(i)) Xor n)"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whosaffected-and-whos-using-it-1.html; classtype:exploit-kit; sid:2020563; rev:4; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2015_02_25, deployment Perimeter, signature_severity Major, tag DriveBy, updated_at 2019_09_27;)

References

url	pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whosaffected-and-whos-using-it-1.html

Metadata

affected productAny

attack targetClient_Endpoint

created at2015_02_25

deploymentPerimeter

signature severityMajor

tagDriveBy

updated at2019_09_27

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!