ET EXPLOIT_KIT Nuclear EK Landing Apr 22 2015

SID: 2020975Rev: 50 views
History
Sourceet/open
CreatedApril 23, 2015
UpdatedFebruary 23, 2024
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Nuclear EK Landing Apr 22 2015"; flow:established,to_client; http.server; content:"nginx"; file.data; content:"|0d 0a|<textarea "; fast_pattern; content:!">"; within:21; content:!"</textarea>"; within:500; content:!"|0d|"; within:500; pcre:"/^\s*[^>]*?[a-zA-Z]+\s*?=\s*?[\x22\x27](?=[a-z]{0,20}[A-Z])(?=[A-Z]{0,20}[a-z])[A-Za-z]{15,21}[\x22\x27][^>]*?>(?=[A-Za-z_]{0,200}[0-9])(?=[0-9a-z_]{0,200}[A-Z])(?=[0-9A-Z_]{0,200}[a-z])[A-Za-z0-9_]{200}/R"; classtype:exploit-kit; sid:2020975; rev:5; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2015_04_23, deployment Perimeter, malware_family Nuclear, confidence High, signature_severity Critical, tag Exploit_Kit, tag Nuclear, updated_at 2024_02_23;)

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_Endpoint
created at2015_04_23
deploymentPerimeter
malware familyNuclear
confidenceHigh
signature severityCritical
tagNuclear
updated at2024_02_23

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!