# sid 2019315, rev 8: alerts on an HTTP response body that, per the msg, resembles a Nuclear exploit-kit landing page.
# flow:from_server,established + file_data: the content and pcre below are evaluated against the server-to-client response body.
# content 1 (hex) decodes to the ASCII bytes (/[@\*\-]/g,'') : the argument list of a regex replace that strips '@', '*' and '-'.
#   It is marked fast_pattern, so it is the string handed to the multi-pattern prefilter.
# content 2 is the literal "return"; the pcre is anchored right after it (/R) and requires, on the same line:
#   one whitespace char, then '(' or '[', a quote, the letters s-u-b-s-t-r with at most one non-quote filler
#   character before, between and after them, a closing quote, ')' or ']', an optional extra ']', then '('.
#   In other words: a call through a property name that spells "substr", padded or unpadded.
# NOTE(review): content:"return" carries no distance/within, so it is not positionally tied to the first content;
#   the two may occur anywhere in the body relative to each other.
# NOTE(review): the trailing '?' in "tag DriveBy?" looks like a wiki-rendering artifact, not part of the tag;
#   compare with the published ruleset before loading this line.
# NOTE(review): every revision listed on this page shares sid:2019315; load only one of them into a ruleset.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Sep 29 2014"; flow:from_server,established; file_data; content:"|28 2f 5b 40 5c 2a 5c 2d 5d 2f 67 2c 27 27 29|"; fast_pattern; content:"return"; pcre:"/^\s[^\r\n]*?[\x28\x5b]\s*?[\x22\x27][^\x22\x27]?s[^\x22\x27]?u[^\x22\x27]?b[^\x22\x27]?s[^\x22\x27]?t[^\x22\x27]?r[^\x22\x27]?[\x22\x27]\s*?[\x29\x5d]\s*?(?:\x5d\s*?)?\x28/R"; classtype:trojan-activity; sid:2019315; rev:8; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Any, attack_target Client_Endpoint, deployment Perimeter, tag DriveBy?, tag Exploit_Kit, tag Nuclear, signature_severity Critical, created_at 2014_09_29, malware_family Nuclear, updated_at 2019_10_07;)

Added 2019-10-08 19:34:13 UTC


# sid 2019315, rev 7 with a metadata block (updated_at 2016_07_01): HTTP response-body signature for a
# Nuclear exploit-kit landing page, per the msg.
# flow:from_server,established + file_data: matching is done on the server-to-client response body.
# content 1 (hex) decodes to (/[@\*\-]/g,'') : the arguments of a regex replace that strips '@', '*' and '-'.
#   fast_pattern:only makes it the prefilter string only; it takes no positional part in the rest of the rule.
# content 2 "return" anchors the relative pcre (/R): on the same line after "return", a quoted string spelling
#   s-u-b-s-t-r with at most one non-quote filler character around each letter, wrapped in ( ) or [ ],
#   optionally followed by ']', then an opening '('.
# NOTE(review): the trailing '?' in "tag DriveBy?" looks like a wiki-rendering artifact; verify against the
#   published rule before reuse.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Sep 29 2014"; flow:from_server,established; file_data; content:"|28 2f 5b 40 5c 2a 5c 2d 5d 2f 67 2c 27 27 29|"; fast_pattern:only; content:"return"; pcre:"/^\s[^\r\n]*?[\x28\x5b]\s*?[\x22\x27][^\x22\x27]?s[^\x22\x27]?u[^\x22\x27]?b[^\x22\x27]?s[^\x22\x27]?t[^\x22\x27]?r[^\x22\x27]?[\x22\x27]\s*?[\x29\x5d]\s*?(?:\x5d\s*?)?\x28/R"; classtype:trojan-activity; sid:2019315; rev:7; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Any, attack_target Client_Endpoint, deployment Perimeter, tag DriveBy?, tag Exploit_Kit, tag Nuclear, signature_severity Critical, created_at 2014_09_29, malware_family Nuclear, updated_at 2016_07_01;)

Added 2017-08-07 21:13:32 UTC


# sid 2019315, rev 7 (no metadata block): HTTP response-body signature for a Nuclear exploit-kit landing page, per the msg.
# flow:from_server,established + file_data: inspect the response body sent by the server.
# content 1 (hex) = (/[@\*\-]/g,'') : a regex-replace argument list that removes '@', '*' and '-'; used as the
#   prefilter string only (fast_pattern:only).
# content 2 "return" + relative pcre (/R): after "return", on the same line, '(' or '[', a quoted s-u-b-s-t-r with
#   optional single filler characters (anything but a quote) before, between and after the letters, then ')' or ']',
#   an optional ']', and an opening '('.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Sep 29 2014"; flow:from_server,established; file_data; content:"|28 2f 5b 40 5c 2a 5c 2d 5d 2f 67 2c 27 27 29|"; fast_pattern:only; content:"return"; pcre:"/^\s[^\r\n]*?[\x28\x5b]\s*?[\x22\x27][^\x22\x27]?s[^\x22\x27]?u[^\x22\x27]?b[^\x22\x27]?s[^\x22\x27]?t[^\x22\x27]?r[^\x22\x27]?[\x22\x27]\s*?[\x29\x5d]\s*?(?:\x5d\s*?)?\x28/R"; classtype:trojan-activity; sid:2019315; rev:7;)

Added 2014-12-15 19:01:35 UTC


# sid 2019315, rev 6: HTTP response-body signature for a Nuclear exploit-kit landing page, per the msg.
# flow:from_server,established + file_data: inspect the server-to-client response body.
# content 1 (hex) = (/[@\*\-]/g,'') : a regex-replace argument list that removes '@', '*' and '-'; prefilter only
#   (fast_pattern:only).
# content 2 "return" + relative pcre (/R): after "return", on the same line, '(' then a quoted s-u-b-s-t-r,
#   then ')' , a literal ']' and an opening '('.
# In this revision exactly one non-quote filler character is REQUIRED between consecutive letters
#   (s?u?b?s?t?r with the gaps mandatory); only the filler before 's' and after 'r' is optional.
# NOTE(review): as written, an unpadded "substr" and a '[' ... ']' wrapper do not match this revision.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Sep 29 2014"; flow:from_server,established; file_data; content:"|28 2f 5b 40 5c 2a 5c 2d 5d 2f 67 2c 27 27 29|"; fast_pattern:only; content:"return"; pcre:"/^\s[^\r\n]*?\x28\s*?[\x22\x27][^\x22\x27]?s[^\x22\x27]u[^\x22\x27]b[^\x22\x27]s[^\x22\x27]t[^\x22\x27]r[^\x22\x27]?[\x22\x27]\s*?\x29\s*?]\s*?\x28/R"; classtype:trojan-activity; sid:2019315; rev:6;)

Added 2014-10-08 17:40:34 UTC


# sid 2019315, rev 5: earlier form of the Nuclear exploit-kit landing signature (per the msg), keyed on a
# response header plus obfuscated "window" and "eval" strings.
# flow:from_server,established: server-to-client traffic on an established flow.
# content 1, in http_header: CRLF followed by "X-Powered-By: PHP".
# content 2 (hex) decodes to ")](""));</script> and is the prefilter string only (fast_pattern:only).
# content:"(|22|w" then i, n, d, o, w: each single letter has distance:1; within:1, i.e. it sits one byte after
#   the previous match, so the run spells ("w?i?n?d?o?w with one filler byte in every gap.
#   The relative pcre (/R) then requires the quoted string to close and be followed by ")]".
# content:"(|22|e" then v, a, l plus the same pcre do the same for a filler-padded "eval".
# NOTE(review): the body contents here carry no file_data, so they presumably run against the raw stream rather
#   than the decoded response body; a compressed or chunked response may not match. Confirm against engine behaviour.
# NOTE(review): content:"(|22|w" and content:"(|22|e" have no relative modifier, so the two groups are not
#   ordered relative to each other or to the header match.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Sep 29 2014"; flow:from_server,established; content:"|0d 0a|X-Powered-By|3a 20|PHP"; http_header; content:"|22 29 5d 28 22 22 29 29 3b 3c 2f 73 63 72 69 70 74 3e|"; fast_pattern:only; content:"(|22|w"; content:"i"; distance:1; within:1; content:"n"; distance:1; within:1; content:"d"; distance:1; within:1; content:"o"; distance:1; within:1; content:"w"; distance:1; within:1; pcre:"/^[^\x22\x27]*?[\x22\x27]\s*?\x29\]/R"; content:"(|22|e"; content:"v"; distance:1; within:1; content:"a"; distance:1; within:1; content:"l"; distance:1; within:1; pcre:"/^[^\x22\x27]*?[\x22\x27]\s*?\x29\]/R"; classtype:trojan-activity; sid:2019315; rev:5;)

Added 2014-10-06 16:56:03 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Sep 29 2014"; flow:from_server,established; content:"|0d 0a|X-Powered-By|3a 20|PHP"; http_header; content:"|22 29 5d 28 22 22 29 29 3b 3c 2f 73 63 72 69 70 74 3e|"; fast_pattern:only; content:"