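# sid 2017817 rev 11: Sweet Orange exploit-kit landing page (msg dates the signature Dec 09 2013).
# Inspects the HTTP response body (flow from_server + file_data) for a `display: none;"` style
# value (|3a| is ':', |3b 22| is ';"'), then, inside bounded windows, the letter "f" followed by
# u-n-c-t-i-o-n with one captured 1-50 character separator repeated between every letter and a
# trailing whitespace, i.e. the word "function" broken up by a filler string.
# On match the rule sets flowbit et.exploitkitlanding; the rules that test that bit are not shown here.
# The capture group is written (?P<sep>...) so that the (?P=sep) back-references resolve; the page
# rendering had dropped the "<sep>" name, which leaves an invalid pattern.
# NOTE(review): content:">" followed by content:!">" may also be a rendering artefact (stripped
# tag text). Compare with the published ruleset before loading this rule.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013"; flow:established,from_server; file_data; content:"display|3a| none|3b 22|"; nocase; content:">"; within:500; content:!">"; nocase; within:500; content:"f"; within:200; pcre:"/^(?P<sep>.{1,50})u(?P=sep)n(?P=sep)c(?P=sep)t(?P=sep)i(?P=sep)o(?P=sep)n(?P=sep)\s/R"; flowbits:set,et.exploitkitlanding; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2017817; rev:11; metadata:created_at 2013_12_09, updated_at 2013_12_09;)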

Added 2019-09-26 19:57:31 UTC


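# sid 2017817 rev 11 as recorded on 2018-09-13 (no former_category metadata in this copy).
# Matches an HTTP response body containing `display: none;"` and, within the stated windows,
# "f" followed by the letters of "unction", each preceded by the same captured 1-50 character
# separator, then whitespace. Sets flowbit et.exploitkitlanding on match.
# The capture group name is restored as (?P<sep>...): the (?P=sep) back-references need it, and
# the page rendering had dropped the "<sep>" text.
# NOTE(review): the content:">" / content:!">" pair may have lost tag text in rendering too; verify it.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013"; flow:established,from_server; file_data; content:"display|3a| none|3b 22|"; nocase; content:">"; within:500; content:!">"; nocase; within:500; content:"f"; within:200; pcre:"/^(?P<sep>.{1,50})u(?P=sep)n(?P=sep)c(?P=sep)t(?P=sep)i(?P=sep)o(?P=sep)n(?P=sep)\s/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017817; rev:11; metadata:created_at 2013_12_09, updated_at 2013_12_09;)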

Added 2018-09-13 19:48:08 UTC


Added 2018-09-13 17:58:15 UTC


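# sid 2017817 rev 11 as recorded on 2017-08-07 (created_at/updated_at metadata present).
# Response-body signature: `display: none;"` style value, then "f" and the remaining letters of
# "function" interleaved with one repeated 1-50 character separator, ending in whitespace.
# A match sets flowbit et.exploitkitlanding.
# (?P<sep>...) is the restored form of the capture group. The rendered page showed "(?P." with
# the "<sep>" name missing, which the (?P=sep) back-references cannot resolve.
# NOTE(review): content:">" and content:!">" may be missing stripped tag text; confirm upstream.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013"; flow:established,from_server; file_data; content:"display|3a| none|3b 22|"; nocase; content:">"; within:500; content:!">"; nocase; within:500; content:"f"; within:200; pcre:"/^(?P<sep>.{1,50})u(?P=sep)n(?P=sep)c(?P=sep)t(?P=sep)i(?P=sep)o(?P=sep)n(?P=sep)\s/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017817; rev:11; metadata:created_at 2013_12_09, updated_at 2013_12_09;)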

Added 2017-08-07 21:11:47 UTC


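# sid 2017817 rev 11 as recorded on 2014-09-23 (no metadata keyword in this copy).
# Looks in the HTTP response body for `display: none;"` and then for the word "function" written
# with a single captured 1-50 character separator between every letter, followed by whitespace.
# Sets flowbit et.exploitkitlanding when it fires.
# The capture group is written (?P<sep>...) because the pattern back-references (?P=sep); the
# "<sep>" name was missing from the rendered page.
# NOTE(review): content:">" / content:!">" may be incomplete for the same reason; check the ruleset.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013"; flow:established,from_server; file_data; content:"display|3a| none|3b 22|"; nocase; content:">"; within:500; content:!">"; nocase; within:500; content:"f"; within:200; pcre:"/^(?P<sep>.{1,50})u(?P=sep)n(?P=sep)c(?P=sep)t(?P=sep)i(?P=sep)o(?P=sep)n(?P=sep)\s/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017817; rev:11;)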

Added 2014-09-23 17:58:31 UTC


# sid 2017817 rev 9, shown as the wiki rendered it. Not loadable in this form.
# NOTE(review): the rule text stops at an open `content:"` and resumes in list-bullet fragments,
# presumably because HTML-like content strings were interpreted as markup. The missing
# content/pcre options have to be recovered from the published ruleset.
# NOTE(review): `(?P.{1,50})` presumably read `(?P<sep>.{1,50})`, since the pattern back-references (?P=sep).
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013"; flow:established,from_server; file_data; content:"<ul"; nocase; pcre:"/^[^>]*?/Rs"; content:"style=|22|display|3a| none|3b 22|"; nocase; pcre:"/^[^>]*?\>/Rs"; content:"

  • ]*?/Rs"; content:!"
  • "; nocase; within:500; content:"f"; within:200; pcre:"/^(?P.{1,50})u(?P=sep)n(?P=sep)c(?P=sep)t(?P=sep)i(?P=sep)o(?P=sep)n(?P=sep)\s/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017817; rev:9;)

    Added 2014-09-09 17:58:12 UTC


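    # sid 2017817 rev 7: older form written as `alert tcp` from $HTTP_PORTS, still using file_data
    # on server-to-client traffic. Looks for `<ul`, a ` style="display: none;"` attribute, `<li`, and
    # then "f" within 100 bytes followed by the letters of "unction", each preceded by the same
    # captured 1-10 character separator, ending in whitespace. Sets flowbit et.exploitkitlanding.
    # The capture group is restored to (?P<sep>...) so the (?P=sep) back-references resolve; the
    # page rendering had dropped the "<sep>" name.
    # NOTE(review): content:!"" is empty as shown, presumably a stripped closing tag. Recover the
    # original string from the published ruleset before loading this rule.
    alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013"; flow:established,from_server; file_data; content:"<ul"; nocase; pcre:"/^\s*/Rs"; content:" style=|22|display|3a| none|3b 22|"; nocase; pcre:"/^\s*?\>/Rs"; content:"<li"; nocase; pcre:"/^[^>]*?\>/R"; content:!""; nocase; within:500; content:"f"; within:100; pcre:"/^(?P<sep>.{1,10})u(?P=sep)n(?P=sep)c(?P=sep)t(?P=sep)i(?P=sep)o(?P=sep)n(?P=sep)\s/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017817; rev:7;)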

    Added 2014-02-10 20:04:15 UTC


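    # sid 2017817 rev 7 as recorded at 2014-02-10 19:58:20 UTC. `alert tcp` from $HTTP_PORTS with
    # file_data on the server-to-client side: `<ul`, ` style="display: none;"`, `<li`, then the word
    # "function" spelled with one repeated 1-10 character separator between its letters and a
    # trailing whitespace. A match sets flowbit et.exploitkitlanding.
    # (?P<sep>...) is the restored capture group; the rendered page showed "(?P." without the name
    # that the (?P=sep) back-references depend on.
    # NOTE(review): content:!"" is empty as shown, presumably a closing tag lost in rendering.
    # Confirm the original string before deploying.
    alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013"; flow:established,from_server; file_data; content:"<ul"; nocase; pcre:"/^\s*/Rs"; content:" style=|22|display|3a| none|3b 22|"; nocase; pcre:"/^\s*?\>/Rs"; content:"<li"; nocase; pcre:"/^[^>]*?\>/R"; content:!""; nocase; within:500; content:"f"; within:100; pcre:"/^(?P<sep>.{1,10})u(?P=sep)n(?P=sep)c(?P=sep)t(?P=sep)i(?P=sep)o(?P=sep)n(?P=sep)\s/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017817; rev:7;)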

    Added 2014-02-10 19:58:20 UTC


    # sid 2017817 rev 6, shown as the wiki rendered it. Not loadable in this form.
    # NOTE(review): the first content string is missing between the quotes, presumably HTML-like
    # text swallowed by the page rendering. fast_pattern:2,20 implies it was at least 22 bytes long.
    # NOTE(review): content:!"" is likewise empty, and `(?P.{1,10})` presumably read `(?P<sep>.{1,10})`
    # since the pattern back-references (?P=sep). Recover all three from the published ruleset.
    alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013"; flow:established,from_server; file_data; content:"

      "; nocase; fast_pattern:2,20; content:"<li"; nocase; pcre:"/^[^>]*?\>/R"; content:!""; nocase; within:500; content:"f"; within:100; pcre:"/^(?P.{1,10})u(?P=sep)n(?P=sep)c(?P=sep)t(?P=sep)i(?P=sep)o(?P=sep)n(?P=sep)\s/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017817; rev:6;)

    Added 2013-12-17 16:59:16 UTC


    # sid 2017817 rev 5 (first recorded revision), shown as the wiki rendered it. Not loadable in this form.
    # Unlike rev 6, this revision also requires the string "rgb(" somewhere in the response body.
    # NOTE(review): the first content string is missing between the quotes, presumably HTML-like
    # text swallowed by the page rendering. fast_pattern:2,20 implies it was at least 22 bytes long.
    # NOTE(review): content:!"" is likewise empty, and `(?P.{1,10})` presumably read `(?P<sep>.{1,10})`
    # since the pattern back-references (?P=sep). Recover all three from the published ruleset.
    alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013"; flow:established,from_server; file_data; content:"

      "; nocase; fast_pattern:2,20; content:"rgb("; nocase; content:"<li"; nocase; pcre:"/^[^>]*?\>/R"; content:!""; nocase; within:500; content:"f"; within:100; pcre:"/^(?P.{1,10})u(?P=sep)n(?P=sep)c(?P=sep)t(?P=sep)i(?P=sep)o(?P=sep)n(?P=sep)\s/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017817; rev:5;)

    Added 2013-12-09 19:23:34 UTC

