2017073 (2022-05-19, TWikiGuest)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013"; flow:established,from_server; file_data; content:"
"; pcre:"/^(?P
[0-9a-z]{2})(?P
(?!(?P=v))[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{4}(?P=v)[0-9a-z]{6}(?P=space)[0-9a-z]{2}(?P=space)[0-9a-z]{64}(?P=J)(?P=a)(?P=v)(?P=a)/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017073; rev:4; metadata:created_at 2013_06_27, former_category EXPLOIT_KIT, updated_at 2013_06_27;)
Added 2022-05-19 19:06:18 UTC
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013"; flow:established,from_server; file_data; content:"
"; pcre:"/^(?P
[0-9a-z]{2})(?P
(?!(?P=v))[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{4}(?P=v)[0-9a-z]{6}(?P=space)[0-9a-z]{2}(?P=space)[0-9a-z]{64}(?P=J)(?P=a)(?P=v)(?P=a)/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017073; rev:3; metadata:created_at 2013_06_27, former_category EXPLOIT_KIT, updated_at 2013_06_27;)
Added 2020-08-05 19:09:09 UTC
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013"; flow:established,from_server; file_data; content:"
"; pcre:"/^(?P
[0-9a-z]{2})(?P
(?!(?P=v))[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{4}(?P=v)[0-9a-z]{6}(?P=space)[0-9a-z]{2}(?P=space)[0-9a-z]{64}(?P=J)(?P=a)(?P=v)(?P=a)/R"; flowbits:set,et.exploitkitlanding; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2017073; rev:3; metadata:created_at 2013_06_27, updated_at 2013_06_27;)
Added 2019-09-26 19:57:25 UTC
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013"; flow:established,from_server; file_data; content:"
"; pcre:"/^(?P
[0-9a-z]{2})(?P
(?!(?P=v))[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{4}(?P=v)[0-9a-z]{6}(?P=space)[0-9a-z]{2}(?P=space)[0-9a-z]{64}(?P=J)(?P=a)(?P=v)(?P=a)/R"; flowbits:set,et.exploitkitlanding; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2017073; rev:3; metadata:created_at 2013_06_27, updated_at 2013_06_27;)
Added 2019-06-03 18:23:57 UTC
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013"; flow:established,from_server; file_data; content:"
"; pcre:"/^(?P
[0-9a-z]{2})(?P
(?!(?P=v))[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{4}(?P=v)[0-9a-z]{6}(?P=space)[0-9a-z]{2}(?P=space)[0-9a-z]{64}(?P=J)(?P=a)(?P=v)(?P=a)/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017073; rev:3; metadata:created_at 2013_06_27, updated_at 2013_06_27;)
Added 2018-09-13 19:47:13 UTC
Added 2018-09-13 17:57:47 UTC
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013"; flow:established,from_server; file_data; content:"
"; pcre:"/^(?P
[0-9a-z]{2})(?P
(?!(?P=v))[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{4}(?P=v)[0-9a-z]{6}(?P=space)[0-9a-z]{2}(?P=space)[0-9a-z]{64}(?P=J)(?P=a)(?P=v)(?P=a)/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017073; rev:3; metadata:created_at 2013_06_27, updated_at 2013_06_27;)
Added 2017-08-07 21:10:56 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013"; flow:established,from_server; file_data; content:"
"; pcre:"/^(?P
[0-9a-z]{2})(?P
(?!(?P=v))[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{2}(?P
[0-9a-z]{2})[0-9a-z]{4}(?P=v)[0-9a-z]{6}(?P=space)[0-9a-z]{2}(?P=space)[0-9a-z]{64}(?P=J)(?P=a)(?P=v)(?P=a)/R"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017073; rev:2;)
Added 2013-06-27 20:56:22 UTC
Topic revision: r1 - 2022-05-19 - TWikiGuest
Copyright © Emerging Threats