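# sid:2016756 rev:7 -- disabled: the rule is commented out and retitled "ET DELETED", so it does not load or alert.
# Logic: in an HTTP response body (file_data) that contains "PluginDetect" (case-insensitive fast pattern),
# find "$(document).ready" followed by "function", then a "(" whose first argument is a 24-character
# lowercase-hex token and whose second is a 1-20 character lowercase alphanumeric token.
# The named groups qa1/qa2 capture an optional quote and the (?P=qaN) backreference requires the same quote
# (or none) to close the argument. The group names had been stripped from this listing and are restored here;
# without them the pcre does not compile.
# If re-enabled, a match would set flowbit et.exploitkitlanding rather than identify a payload by itself.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Neutrino EK Plugin-Detect April 12 2013"; flow:established,from_server; file_data; content:"PluginDetect"; fast_pattern:only; nocase; content:"$(document).ready"; content:"function"; distance:0; pcre:"/\x28[\r\n\s]*?(?P<qa1>[\x22\x27]?)[a-f0-9]{24}(?P=qa1)[\r\n\s]*?,[\r\n\s]*?(?P<qa2>[\x22\x27]?)[a-z0-9]{1,20}(?P=qa2)[\r\n\s]*?/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016756; rev:7; metadata:created_at 2013_04_13, former_category CURRENT_EVENTS, updated_at 2018_06_18;)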

Added 2022-05-19 19:06:17 UTC


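# sid:2016756 rev:6, snapshot of 2021-09-21 -- disabled ("ET DELETED", commented out).
# Detection options match the other rev:6 entries on this page; only the metadata differs
# (created_at reads 2013_04_13 here, 2013_04_12 in the older snapshots).
# pcre named groups qa1/qa2 restored: each captures an optional opening quote that the backreference must repeat.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Neutrino EK Plugin-Detect April 12 2013"; flow:established,from_server; file_data; content:"PluginDetect"; fast_pattern:only; nocase; content:"$(document).ready"; content:"function"; distance:0; pcre:"/\x28[\r\n\s]*?(?P<qa1>[\x22\x27]?)[a-f0-9]{24}(?P=qa1)[\r\n\s]*?,[\r\n\s]*?(?P<qa2>[\x22\x27]?)[a-z0-9]{1,20}(?P=qa2)[\r\n\s]*?/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016756; rev:6; metadata:created_at 2013_04_13, former_category CURRENT_EVENTS, updated_at 2018_06_18;)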

Added 2021-09-21 19:58:37 UTC


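# sid:2016756 rev:6, snapshot of 2020-08-05 -- disabled ("ET DELETED", commented out).
# former_category is carried inside the single metadata keyword here; the detection options are unchanged.
# pcre named groups qa1/qa2 restored so the (?P=qa1)/(?P=qa2) backreferences resolve.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Neutrino EK Plugin-Detect April 12 2013"; flow:established,from_server; file_data; content:"PluginDetect"; fast_pattern:only; nocase; content:"$(document).ready"; content:"function"; distance:0; pcre:"/\x28[\r\n\s]*?(?P<qa1>[\x22\x27]?)[a-f0-9]{24}(?P=qa1)[\r\n\s]*?,[\r\n\s]*?(?P<qa2>[\x22\x27]?)[a-z0-9]{1,20}(?P=qa2)[\r\n\s]*?/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016756; rev:6; metadata:created_at 2013_04_12, former_category CURRENT_EVENTS, updated_at 2018_06_18;)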

Added 2020-08-05 19:09:02 UTC


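# sid:2016756 rev:6, snapshot of 2018-09-13 -- disabled ("ET DELETED", commented out).
# This snapshot carries two metadata keywords: former_category in one, created_at/updated_at in the other.
# pcre named groups qa1/qa2 restored so the (?P=qa1)/(?P=qa2) backreferences resolve.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Neutrino EK Plugin-Detect April 12 2013"; flow:established,from_server; file_data; content:"PluginDetect"; fast_pattern:only; nocase; content:"$(document).ready"; content:"function"; distance:0; pcre:"/\x28[\r\n\s]*?(?P<qa1>[\x22\x27]?)[a-f0-9]{24}(?P=qa1)[\r\n\s]*?,[\r\n\s]*?(?P<qa2>[\x22\x27]?)[a-z0-9]{1,20}(?P=qa2)[\r\n\s]*?/R"; flowbits:set,et.exploitkitlanding; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2016756; rev:6; metadata:created_at 2013_04_12, updated_at 2018_06_18;)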

Added 2018-09-13 19:46:47 UTC


Added 2018-09-13 17:57:33 UTC


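# sid:2016756 rev:6, snapshot of 2018-06-18 -- first snapshot on this page where the rule is commented out
# and its msg prefix reads "ET DELETED" instead of "ET CURRENT_EVENTS"; updated_at matches that date.
# pcre named groups qa1/qa2 restored so the (?P=qa1)/(?P=qa2) backreferences resolve.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Neutrino EK Plugin-Detect April 12 2013"; flow:established,from_server; file_data; content:"PluginDetect"; fast_pattern:only; nocase; content:"$(document).ready"; content:"function"; distance:0; pcre:"/\x28[\r\n\s]*?(?P<qa1>[\x22\x27]?)[a-f0-9]{24}(?P=qa1)[\r\n\s]*?,[\r\n\s]*?(?P<qa2>[\x22\x27]?)[a-z0-9]{1,20}(?P=qa2)[\r\n\s]*?/R"; flowbits:set,et.exploitkitlanding; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2016756; rev:6; metadata:created_at 2013_04_12, updated_at 2018_06_18;)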

Added 2018-06-18 16:40:38 UTC


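# sid:2016756 rev:6, snapshot of 2017-08-07 -- active rule.
# Header uses the http app-layer protocol with "any" source port instead of tcp + $HTTP_PORTS (rev:5),
# so matching no longer depends on the configured HTTP port list.
# Match: response body containing "PluginDetect" (nocase fast pattern), "$(document).ready" followed by
# "function", then "(" <24 lowercase-hex chars> "," <1-20 lowercase alphanumerics>, each optionally quoted.
# qa1/qa2 capture the optional quote and the backreference requires the same closing quote (names restored here).
# Sets flowbit et.exploitkitlanding; rules that test that flowbit are not shown on this page.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Neutrino EK Plugin-Detect April 12 2013"; flow:established,from_server; file_data; content:"PluginDetect"; fast_pattern:only; nocase; content:"$(document).ready"; content:"function"; distance:0; pcre:"/\x28[\r\n\s]*?(?P<qa1>[\x22\x27]?)[a-f0-9]{24}(?P=qa1)[\r\n\s]*?,[\r\n\s]*?(?P<qa2>[\x22\x27]?)[a-z0-9]{1,20}(?P=qa2)[\r\n\s]*?/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016756; rev:6; metadata:created_at 2013_04_12, updated_at 2013_04_12;)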

Added 2017-08-07 21:10:32 UTC


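# sid:2016756 rev:5, snapshot of 2013-07-05 -- active rule, tcp header limited to $HTTP_PORTS.
# Compared with rev:4 the pcre checks only the first two call arguments (24-hex token, then a 1-20 char
# token) and drops the three trailing argument checks. That tolerates more variation in the landing page
# but is a looser match, so the content anchors carry more of the specificity.
# qa1/qa2 capture the optional quote around each argument; group names restored so the pcre compiles.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Neutrino EK Plugin-Detect April 12 2013"; flow:established,from_server; file_data; content:"PluginDetect"; fast_pattern:only; nocase; content:"$(document).ready"; content:"function"; distance:0; pcre:"/\x28[\r\n\s]*?(?P<qa1>[\x22\x27]?)[a-f0-9]{24}(?P=qa1)[\r\n\s]*?,[\r\n\s]*?(?P<qa2>[\x22\x27]?)[a-z0-9]{1,20}(?P=qa2)[\r\n\s]*?/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016756; rev:5;)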

Added 2013-07-05 16:55:36 UTC


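# sid:2016756 rev:4, snapshot of 2013-05-15 -- active rule, tcp header limited to $HTTP_PORTS.
# The pcre checks five comma-separated call arguments: a 24-char lowercase-hex token, a 1-20 char token,
# then tokens starting with c or b, p or r, and i or e.
# The optional quote "?" sits inside each named group (qa1..qa5), so the group always participates and
# the backreference can match an empty string when an argument is unquoted.
# Group names restored from the (?P=qaN) backreferences; without them the pcre does not compile.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Neutrino EK Plugin-Detect April 12 2013"; flow:established,from_server; file_data; content:"PluginDetect"; fast_pattern:only; nocase; content:"$(document).ready"; content:"function"; distance:0; pcre:"/\x28[\r\n\s]*?(?P<qa1>[\x22\x27]?)[a-f0-9]{24}(?P=qa1)[\r\n\s]*?,[\r\n\s]*?(?P<qa2>[\x22\x27]?)[a-z0-9]{1,20}(?P=qa2)[\r\n\s]*?,[\r\n\s]*?(?P<qa3>[\x22\x27]?)[cb][a-z0-9]+?(?P=qa3)[\r\n\s]*?,[\r\n\s]*?(?P<qa4>[\x22\x27]?)[pr][a-z0-9]{0,20}(?P=qa4)[\r\n\s]*?,[\r\n\s]*?(?P<qa5>[\x22\x27]?)[ie][a-z0-9]{0,20}(?P=qa5)/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016756; rev:4;)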

Added 2013-05-15 21:23:51 UTC


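# sid:2016756 rev:3, snapshot of 2013-04-12 -- earliest revision on this page, active rule.
# The pcre checks five call arguments: 24-char lowercase hex, a 1-20 char token, then tokens starting with c, p and i.
# NOTE(review): here the "?" follows each named group, making the whole group optional. When an argument
# is unquoted the group is unset, and PCRE by default fails a backreference to an unset group, so this
# revision appears to match only quoted arguments. rev:4 moves the "?" inside the group.
# Group names qa1..qa5 restored from the (?P=qaN) backreferences; without them the pcre does not compile.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Neutrino EK Plugin-Detect April 12 2013"; flow:established,from_server; file_data; content:"PluginDetect"; fast_pattern:only; nocase; content:"$(document).ready"; content:"function"; distance:0; pcre:"/\x28[\r\n\s]*?(?P<qa1>[\x22\x27])?[a-f0-9]{24}(?P=qa1)[\r\n\s]*?,[\r\n\s]*?(?P<qa2>[\x22\x27])?[a-z0-9]{1,20}(?P=qa2)[\r\n\s]*?,[\r\n\s]*?(?P<qa3>[\x22\x27])?c[a-z0-9]+?(?P=qa3)[\r\n\s]*?,[\r\n\s]*?(?P<qa4>[\x22\x27])?p[a-z0-9]{0,20}(?P=qa4)[\r\n\s]*?,[\r\n\s]*?(?P<qa5>[\x22\x27])?i[a-z0-9]{0,20}(?P=qa5)/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016756; rev:3;)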

Added 2013-04-12 20:40:40 UTC

