ET EXPLOIT_KIT Evil Redirector Leading to EK EITest Inject Oct 17 2016 M4
Sourceet/open
CreatedJanuary 19, 2017
UpdatedOctober 8, 2019
Classificationexploit-kit
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Evil Redirector Leading to EK EITest Inject Oct 17 2016 M4"; flow:established,from_server; file_data; content:"|75 74 65 28 22 66 72 61 6d 65 42 6f 72 64 65 72 22 2c 20 22 30|"; fast_pattern; content:"<script type=|22|text|2f|"; pcre:"/^(?:rocket|java)script\x22>\s*var\s*(?P<ifr>[^\s=]+)\s*=\s*[\x22\x27]iframe[\x22\x27].*?\s*var\s*(?P<var>[^\s=]+)\s*=\s*document\.createElement\(\s*(?P=ifr)(?=.+?(?P=var)\.frameBorder\s*=\s*[\x22\x27]0[\x22\x27])(?=.+?document\.body\.appendChild\(\s*(?P=var)\s*\)).+?(?P=var)\.setAttribute\s*\(\s*[\x22\x27]frameBorder[\x22\x27]\s*,\s*[\x22\x27]0[\x22\x27]\s*\)\s*\x3b/Rsi"; classtype:exploit-kit; sid:2023748; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2017_01_19, deployment Perimeter, malware_family EITest, performance_impact Low, confidence High, signature_severity Major, tag Exploit_Kit, updated_at 2019_10_08;)
Metadata
affected productWeb_Browser_Plugins
attack targetClient_Endpoint
created at2017_01_19
deploymentPerimeter
malware familyEITest
performance impactLow
confidenceHigh
signature severityMajor
tagExploit_Kit
updated at2019_10_08
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!