ET EXPLOIT Targeted Attack from APT Actor Delivering HT SWF Exploit RIP

SID: 2021405
Rev: 5
Source: et/open
Created: July 13, 2015
Updated: October 8, 2019
Classification: targeted-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Targeted Attack from APT Actor Delivering HT SWF Exploit RIP"; flow:established,from_server; file_data; content:"|67 5f 6f 3d 69 65 56 65 72 73 69 6f 6e 28 29 3b|"; nocase; fast_pattern; content:"|67 65 74 42 69 74 73 28 29 3b|"; nocase; content:"var "; pcre:"/^\s*?(?P<var>[^=\s\x3b]+)\s*?=\s*?getBits\(\s*?\)\x3b.+?flashvars\s*?=\s*?\x5c\x22(?P=var)\s*?=\s*?\x22\s*?\+\s*?(?P=var)\s*?\+\s*?\x22\x5c\x22/Rsi"; classtype:targeted-activity; sid:2021405; rev:5; metadata:created_at 2015_07_13, confidence High, signature_severity Major, updated_at 2019_10_08;)

Metadata

created at: 2015_07_13
confidence: High
signature severity: Major
updated at: 2019_10_08
