Update Details
Update #2548 (10/19/2015)
102 new signatures:
| HIGH | HTTP:EK-BLACKHOLE-V2-LP1 | HTTP: Blackholev2/Darkleech Exploit Kit Landing Page 1 |
| HIGH | HTTP:EK-STYX-LP4 | HTTP: Styx Exploit Kit Landing Page 4 |
| HIGH | HTTP:EK-STYX-OUT-CONN | HTTP: Styx Exploit Kit Outbound Connection Attempt |
| HIGH | HTTP:EK-MAGNITUDE-JNLP-REQ | HTTP: Magnitude/Popads/Nuclear Exploit Kit jnlp Request |
| HIGH | HTTP:EK-NUCLEAR-ADOBE-FLASH-1 | HTTP: Nuclear/Magnitude Exploit Kit Adobe Flash Exploit Download |
| HIGH | HTTP:EK-STYX-LP | HTTP: Styx Exploit Kit Landing Page Request |
| HIGH | HTTP:EK-NUCLEAR-ORACLE-JAVA | HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download Attempt |
| HIGH | HTTP:EK-HELLO-LIGHTOUT-LP | HTTP: Hello LightsOut Exploit Kit Landing Page Detected |
| HIGH | HTTP:EK-NUCLEAR-POST-JAVA-COMP | HTTP: Nuclear/Magnitude Exploit Kit Post Java Compromise |
| HIGH | HTTP:EK-DOTKACHEF-REDIR | HTTP: DotkaChef/Rmayana Exploit Kit Redirection Attempt |
| HIGH | HTTP:EK-X20-POST-JAVA-EXPLOIT | HTTP: X2O Exploit Kit Post Java Exploit Download Attempt |
| HIGH | HTTP:EK-SWEET-ORANGE-LP4 | HTTP: Sweet Orange Exploit Kit Landing Page 4 |
| HIGH | HTTP:EK-NUCLEAR-ORACLE-JAVA-1 | HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download |
| HIGH | HTTP:EK-NUCLEAR-IE-VULN-REQ | HTTP: Nuclear Exploit Kit Microsoft Internet Explorer Vulnerability Request |
| HIGH | HTTP:EK-GLAZUNOV-OUT-JNLP | HTTP: Glazunov Exploit Kit Outbound jnlp Download |
| HIGH | HTTP:EK-NEUTRINO-OUT-PLUGIN | HTTP: Neutrino Exploit Kit Outbound Plugin Detection |
| HIGH | HTTP:EK-NUCLEAR-OUT-JAR-REQ | HTTP: Nuclear Exploit Kit Outbound Jar Request |
| HIGH | HTTP:STC:SCRIPT:AV-MAGIC-EVADE1 | HTTP: Magic Byte Detection Evasion |
| HIGH | HTTP:STC:SCRIPT:WEBEX-WRF-BOF1 | HTTP: WebEx Player Stack Buffer Overflow |
| HIGH | HTTP:STC:SCRIPT:FF-NAV-URI1 | HTTP: Firefox Internet Explorer and Navigator URI Command Injection |
| HIGH | SHELLCODE:X86:PIECEMEAL | SHELLCODE: Piecemeal Exploit Shellcode Construction |
| HIGH | SHELLCODE:X86:PIECEMEAL1 | SHELLCODE: Piecemeal Exploit Shellcode Construction 1 |
| HIGH | SHELLCODE:X86:UNESCAPE-ENC | SHELLCODE: Unescape Encoded Shellcode |
| HIGH | SHELLCODE:X86:UNESCAPE-ENC1 | SHELLCODE: Unescape Encoded Shellcode 1 |
| HIGH | SHELLCODE:X86:METERPRETER-ESPIA | SHELLCODE: Metasploit Meterpreter Espia Attempt |
| HIGH | SHELLCODE:X86:METERPRET-ESPIA1 | SHELLCODE: Metasploit Meterpreter Espia Attempt 1 |
| HIGH | SHELLCODE:X86:METERPRET-ESPIA2 | SHELLCODE: Metasploit Meterpreter Espia Attempt 2 |
| HIGH | SHELLCODE:X86:KADMIND-BOF | SHELLCODE: Kadmind Buffer Overflow Attempt |
| HIGH | SHELLCODE:X86:SPARC-NOOP | SHELLCODE: Sparc NOOP |
| HIGH | SHELLCODE:X86:SGI-NOOP | SHELLCODE: SGI NOOP |
| HIGH | SHELLCODE:X86:BIN-SH-TRANSFER | SHELLCODE: Possible /bin/sh Shellcode Transfer Attempt |
| HIGH | HTTP:STC:ADOBE:CVE-2015-6678-CE | HTTP: Adobe Flash CVE-2015-6678 Code Execution |
| HIGH | HTTP:STC:ADOBE:CVE-2015-5573-CE | HTTP: Adobe Flash CVE-2015-5573 Code Execution |
| HIGH | HTTP:STC:ADOBE:CVE-2015-5587-CE | HTTP: Adobe Flash CVE-2015-5587 Remote Code Execution |
| HIGH | HTTP:ANGLER-EK-RD | HTTP: Angler Exploit Kit Redirection Page |
| HIGH | HTTP:EK-MULTIPLE-FLASH | HTTP: Multiple Exploit Kit Flash File Download |
| HIGH | HTTP:NUCLEAR-OUTBOUND-PR | HTTP: Nuclear Exploit Kit Outbound Payload Request |
| HIGH | HTTP:EK-ANGLER-LP5 | HTTP: Angler Exploit Kit Landing Page Detected 5 |
| HIGH | HTTP:EK-NUCLEAR-LP3 | HTTP: Nuclear Exploit Kit Landing Page Detected 3 |
| HIGH | HTTP:EK-NECLEAR-OBFU-FILE | HTTP: Nuclear Exploit Kit Obfuscated File Download |
| HIGH | HTTP:EK-ANGLER-LP4 | HTTP: Angler Exploit Kit Landing Page Detected 4 |
| HIGH | HTTP:EK-FLASH-DWNLD | Multiple exploit kit flash file download |
| HIGH | HTTP:EK-REDKIT-LP2 | HTTP: Redkit Exploit Kit Landing Page 2 |
| HIGH | HTTP:EK-NUCLEAR-OUTBOUND | HTTP: Nuclear Exploit Kit Outbound Flash Request |
| HIGH | HTTP:EK-UNIX-BACKDOOR-CDORKED | HTTP: Unix Backdoor Cdorked Blackhole Request Attempt |
| HIGH | HTTP:EK-COTTONCASTLE-FLASH-OC | HTTP: CottonCastle Exploit Kit Flash Outbound Connection |
| HIGH | HTTP:EK-COTTONCASTLE-JAVA-OC | HTTP: CottonCastle Exploit Kit Java Outbound Connection |
| HIGH | HTTP:EK-COTTONCASTLE-JAVA-CONN | HTTP: CottonCastle Exploit Kit Java Outbound Connection 1 |
| HIGH | HTTP:EK-COTTONCASTLE-DECRYPT-OR | HTTP: CottonCastle Exploit Kit Decryption Page Outbound Request |
| HIGH | HTTP:EK-MUL-SUCCESSFUL-REDIR | HTTP: Multiple Exploit Kit Successful Redirection |
| HIGH | HTTP:EK-NUCLEAR-SPOOFED-HOST | HTTP: Nuclear Exploit Kit Spoofed Host Header |
| HIGH | HTTP:EK-ANGLER-OUTBOUND-URL | HTTP: Angler Exploit Kit Outbound URL Structure |
| HIGH | HTTP:EK-FLASHPACK-SAFE-CRITX | HTTP: Flashpack/Safe/CritX Exploit Kit Executable Download |
| HIGH | HTTP:EK-FLASHPACK-SAFE-JAR | HTTP: Flashpack/Safe/CritX Exploit Kit Jar File Download |
| HIGH | HTTP:EK-DOTKACHEF-MAL-CAMP | HTTP: DotkaChef/Rmayana/DotCache Exploit Kit Malvertising Campaign |
| HIGH | HTTP:EK-RIG-MS-SILVERLIGHT-REQ | HTTP: Rig Exploit Kit Outbound Microsoft Silverlight Request |
| HIGH | HTTP:NUCLEAR-EK-BIN-DL | HTTP: Nuclear Pack Exploit Kit Binary Download |
| HIGH | HTTP:REDKIT-EK-MULTI-REQS | HTTP: Redkit Exploit Kit Multiple Requests |
| HIGH | HTTP:EK-FLIM-LP | HTTP: Flim Exploit Kit Landing Page |
| HIGH | HTTP:REDKIT-EK-JAVACLASS-REQ | HTTP: Redkit Exploit Kit Java Exploit Request To .class File |
| HIGH | HTTP:EK-MUL-PE-DOWNLOAD | HTTP: Multiple Exploit Kit Portable Executable Download |
| HIGH | HTTP:REDKIT-EK-5DIGIT-REQ | HTTP: Redkit Exploit Kit Java Exploit 5 Digit Request Attempt |
| HIGH | HTTP:EK-RIG-DGA-REQ | HTTP: Rig Exploit Kit Outbound DGA Request |
| HIGH | HTTP:EK-NUCLEAR-OUTBOUND-STR | HTTP: Nuclear Exploit Kit Outbound Structure |
| HIGH | HTTP:EK-FIESTA-REDIRECTION | HTTP: Fiesta Exploit Kit Redirection |
| HIGH | HTTP:EK-NUCLEAR-LAND-PG | HTTP: Nuclear Exploit Kit Landing Page Detected1 |
| HIGH | HTTP:CRIMEBOSS-EK-OUTCONN3 | HTTP: Crimeboss Exploit Kit Outbound Connection 3 |
| HIGH | HTTP:EK-NUCLEAR-JAVA-REQ | HTTP: Nuclear Exploit Kit Outbound Oracle Java Request |
| HIGH | HTTP:EK-ANGLER-JAVA-REQ | HTTP: Angler Exploit Kit Outbound Oracle Java Request |
| HIGH | HTTP:EK-HELLSPAWN-JAVA-REQ | HTTP: Hellspawn Exploit Kit Outbound Oracle Java Jar Request |
| HIGH | HTTP:EK-NUCLEAR-ORACLE-JAR-FILE | HTTP: Nuclear Exploit Kit Oracle Java Jar File Retrieval |
| HIGH | HTTP:CRITX-EK-PE-DL | HTTP: CritX Exploit Kit Portable Executable Download |
| HIGH | HTTP:SIBHOST-EK-JAR-DL | HTTP: Sibhost Exploit Kit JAR Download Outbound |
| HIGH | HTTP:EK-NUCLEAR-PAYLOAD-REQ | HTTP: Nuclear Exploit Kit Payload Request |
| HIGH | HTTP:EK-NUCLEAR-MS-SILVERLIGH | HTTP: Nuclear Exploit Kit Outbound Microsoft Silverlight Exploit Request |
| HIGH | HTTP:EK-ANGLER-DOWNLOAD | HTTP: Angler Exploit Kit Exploit Download Attempt |
| HIGH | HTTP:REDKIT-EK-LANDPG4 | HTTP: Redkit Exploit Kit Landing Page 4 |
| HIGH | HTTP:TDS-REDIR-EK | HTTP: TDS Redirection Exploit Kit Request Attempt |
| HIGH | HTTP:BH2-EK-URL-STRUCT | HTTP: Blackholev2 Exploit Kit URL Structure Request |
| HIGH | HTTP:EK-ANGLER-RELAY-TRAFFIC | HTTP: Angler Exploit Kit Relay Traffic Detected1 |
| HIGH | HTTP:MULTI-EK-32ALPHA-REQ | HTTP: Multiple Exploit Kit 32 Alpha JAR Request |
| HIGH | HTTP:REDKIT-EK-JAVA-EXPLOIT-DL | HTTP: Redkit Exploit Kit Java Exploit Request |
| HIGH | HTTP:WHITEHOLE-EK-JAVA-DL | HTTP: Whitehole Exploit Kit Java Exploit Retrieval |
| HIGH | HTTP:EK-ANGLER-LANDING-PG | Angler Exploit Kit Landing Page2 |
| HIGH | HTTP:EK-ANGLER-LP-2 | HTTP: Angler Exploit Kit Landing Page2 |
| HIGH | HTTP:CRIMEBOSS-EK-JAVA-DL2 | HTTP: Crimeboss Exploit Kit Java Exploit Download 2 |
| HIGH | HTTP:EK-FIESTA-ADOBE-DWNLD | HTTP: Fiesta Exploit Kit Adobe Reader Exploit Download |
| HIGH | HTTP:EK-FIESTA-JAVA-DWNLD | HTTP: Fiesta Exploit Kit Oracle Java Exploit Download |
| HIGH | HTTP:EK-FIESTA-SILVERLIGHT-DWLD | HTTP: Fiesta Exploit Kit Microsoft Silverlight Exploit Download |
| HIGH | HTTP:EK-FIESTA-FLASH-DWLD | HTTP: Fiesta Exploit Kit Adobe Flash Exploit Download |
| HIGH | HTTP:EK-RIG-OUTBOUND-COM | HTTP: Rig Exploit Kit Outbound Communication |
| HIGH | HTTP:EK-RIG-OUTBOUND-COM-1 | HTTP: Rig Exploit Kit Outbound Communication1 |
| HIGH | HTTP:EK-ANGLER-URI-STRUCT | HTTP: Angler Exploit Kit Outbound URI Structure |
| HIGH | HTTP:EK-ANGLER-FLASH-REQ | HTTP: Angler Exploit Kit Outbound Adobe Flash Request |
| HIGH | HTTP:SPL2-SILVERLIGHT-PLUG | HTTP: SPL2 Exploit Kit Silverlight Plugin Outbound Connection Attempt |
| HIGH | HTTP:EK-STAMP-MAL-PYLOAD-DL | HTTP: Stamp Exploit Kit Malicious Payload Download Attempt |
| HIGH | HTTP:NUCLEAR-OUTBOUND-CONN | HTTP: Nuclear Exploit Kit Outbound Connection |
| HIGH | HTTP:EK-NUCLEAR-PDF-REQ | HTTP: Nuclear Exploit Kit Outbound Pdf Request |
| HIGH | HTTP:EK-MAGNITUDE-FONT-FILE-REQ | HTTP: Magnitude Exploit Kit Embedded Open Type Font File Request |
| HIGH | HTTP:EK-STYX-LP-3 | HTTP: Styx Exploit Kit Landing Page 3 |
| HIGH | HTTP:EK-STYX-MAL-REDIR | HTTP: Styx Exploit Kit Malicious Redirection Attempt |
| HIGH | HTTP:EK-MAGNITUDE-IE-REQ | HTTP: Magnitude Exploit Kit Microsoft Internet Explorer Payload Request |
2 updated signatures:
| HIGH | HTTP:STYX-EK-PE-DL | HTTP: Styx Exploit Kit Portable Executable Download |
| HIGH | HTTP:SAKURA-EK-OUT | HTTP: Sakura Exploit Outbound Connection Attempt |
Details of the signatures included within this bulletin:
HTTP:EK-BLACKHOLE-V2-LP1 - HTTP: Blackholev2/Darkleech Exploit Kit Landing Page 1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-STYX-LP4 - HTTP: Styx Exploit Kit Landing Page 4
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-STYX-OUT-CONN - HTTP: Styx Exploit Kit Outbound Connection Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-MAGNITUDE-JNLP-REQ - HTTP: Magnitude/Popads/Nuclear Exploit Kit jnlp Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-ADOBE-FLASH-1 - HTTP: Nuclear/Magnitude Exploit Kit Adobe Flash Exploit Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-STYX-LP - HTTP: Styx Exploit Kit Landing Page Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-ORACLE-JAVA - HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-HELLO-LIGHTOUT-LP - HTTP: Hello LightsOut Exploit Kit Landing Page Detected
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-POST-JAVA-COMP - HTTP: Nuclear/Magnitude Exploit Kit Post Java Compromise
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-DOTKACHEF-REDIR - HTTP: DotkaChef/Rmayana Exploit Kit Redirection Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-X20-POST-JAVA-EXPLOIT - HTTP: X2O Exploit Kit Post Java Exploit Download Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-SWEET-ORANGE-LP4 - HTTP: Sweet Orange Exploit Kit Landing Page 4
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-ORACLE-JAVA-1 - HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-IE-VULN-REQ - HTTP: Nuclear Exploit Kit Microsoft Internet Explorer Vulnerability Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-GLAZUNOV-OUT-JNLP - HTTP: Glazunov Exploit Kit Outbound jnlp Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NEUTRINO-OUT-PLUGIN - HTTP: Neutrino Exploit Kit Outbound Plugin Detection
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-OUT-JAR-REQ - HTTP: Nuclear Exploit Kit Outbound Jar Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:STC:SCRIPT:AV-MAGIC-EVADE1 - HTTP: Magic Byte Detection Evasion
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Multiple Anti-Virus products. Attackers can bypass the security restrictions of a system allowing the attacker to carry on future attacks on the victim's computer.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:STC:SCRIPT:WEBEX-WRF-BOF1 - HTTP: WebEx Player Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known stack buffer overflow vulnerability in WebEx Player. It's due to improper handling of specially crafted files which results in a stack buffer overflow that can overwrite a function pointer to create reliable code execution. A successful attack can result in arbitrary code execution in the context of the application.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:STC:SCRIPT:FF-NAV-URI1 - HTTP: Firefox Internet Explorer and Navigator URI Command Injection
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Firefox, Navigator, and Internet Explorer. Attackers can inject code on the target system resulting in full control of the victim's computer.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:PIECEMEAL - SHELLCODE: Piecemeal Exploit Shellcode Construction
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:PIECEMEAL1 - SHELLCODE: Piecemeal Exploit Shellcode Construction 1
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:UNESCAPE-ENC - SHELLCODE: Unescape Encoded Shellcode
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:UNESCAPE-ENC1 - SHELLCODE: Unescape Encoded Shellcode 1
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:METERPRETER-ESPIA - SHELLCODE: Metasploit Meterpreter Espia Attempt
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:METERPRET-ESPIA1 - SHELLCODE: Metasploit Meterpreter Espia Attempt 1
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:METERPRET-ESPIA2 - SHELLCODE: Metasploit Meterpreter Espia Attempt 2
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:KADMIND-BOF - SHELLCODE: Kadmind Buffer Overflow Attempt
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:SPARC-NOOP - SHELLCODE: Sparc NOOP
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:SGI-NOOP - SHELLCODE: SGI NOOP
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
SHELLCODE:X86:BIN-SH-TRANSFER - SHELLCODE: Possible /bin/sh Shellcode Transfer Attempt
Severity: HIGH
Description:
This signature detects payloads being transferred over network that have been using x86 Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:STYX-EK-PE-DL - HTTP: Styx Exploit Kit Portable Executable Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from Styx exploit kit that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:SAKURA-EK-OUT - HTTP: Sakura Exploit Outbound Connection Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:STC:ADOBE:CVE-2015-6678-CE - HTTP: Adobe Flash CVE-2015-6678 Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
Supported On:
srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004, srx-11.4
References:
- cve: CVE-2015-6678
HTTP:STC:ADOBE:CVE-2015-5573-CE - HTTP: Adobe Flash CVE-2015-5573 Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
Supported On:
srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004, srx-11.4
References:
- cve: CVE-2015-5573
HTTP:STC:ADOBE:CVE-2015-5587-CE - HTTP: Adobe Flash CVE-2015-5587 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
Supported On:
srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004, srx-11.4
References:
- cve: CVE-2015-5587
HTTP:ANGLER-EK-RD - HTTP: Angler Exploit Kit Redirection Page
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-MULTIPLE-FLASH - HTTP: Multiple Exploit Kit Flash File Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:NUCLEAR-OUTBOUND-PR - HTTP: Nuclear Exploit Kit Outbound Payload Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
srx-branch-11.4, srx-branch-12.1, srx-10.0, srx-branch-10.0, srx-12.1, idp-5.1.0, idp-5.1.110150921, idp-5.1.110151004, srx-11.4
HTTP:EK-ANGLER-LP5 - HTTP: Angler Exploit Kit Landing Page Detected 5
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-LP3 - HTTP: Nuclear Exploit Kit Landing Page Detected 3
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NECLEAR-OBFU-FILE - HTTP: Nuclear Exploit Kit Obfuscated File Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-ANGLER-LP4 - HTTP: Angler Exploit Kit Landing Page Detected 4
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-FLASH-DWNLD - Multiple exploit kit flash file download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-REDKIT-LP2 - HTTP: Redkit Exploit Kit Landing Page 2
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-OUTBOUND - HTTP: Nuclear Exploit Kit Outbound Flash Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-UNIX-BACKDOOR-CDORKED - HTTP: Unix Backdoor Cdorked Blackhole Request Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-COTTONCASTLE-FLASH-OC - HTTP: CottonCastle Exploit Kit Flash Outbound Connection
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-COTTONCASTLE-JAVA-OC - HTTP: CottonCastle Exploit Kit Java Outbound Connection
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-COTTONCASTLE-JAVA-CONN - HTTP: CottonCastle Exploit Kit Java Outbound Connection 1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-COTTONCASTLE-DECRYPT-OR - HTTP: CottonCastle Exploit Kit Decryption Page Outbound Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-MUL-SUCCESSFUL-REDIR - HTTP: Multiple Exploit Kit Successful Redirection
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-SPOOFED-HOST - HTTP: Nuclear Exploit Kit Spoofed Host Header
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-ANGLER-OUTBOUND-URL - HTTP: Angler Exploit Kit Outbound URL Structure
Severity: HIGH
Description:
This signature detects an attempt to download exploits from Angler exploit kit that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-FLASHPACK-SAFE-CRITX - HTTP: Flashpack/Safe/CritX Exploit Kit Executable Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-FLASHPACK-SAFE-JAR - HTTP: Flashpack/Safe/CritX Exploit Kit Jar File Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-DOTKACHEF-MAL-CAMP - HTTP: DotkaChef/Rmayana/DotCache Exploit Kit Malvertising Campaign
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-RIG-MS-SILVERLIGHT-REQ - HTTP: Rig Exploit Kit Outbound Microsoft Silverlight Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from Goon exploit kit that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:NUCLEAR-EK-BIN-DL - HTTP: Nuclear Pack Exploit Kit Binary Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:REDKIT-EK-MULTI-REQS - HTTP: Redkit Exploit Kit Multiple Requests
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-FLIM-LP - HTTP: Flim Exploit Kit Landing Page
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:REDKIT-EK-JAVACLASS-REQ - HTTP: Redkit Exploit Kit Java Exploit Request To .class File
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-MUL-PE-DOWNLOAD - HTTP: Multiple Exploit Kit Portable Executable Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:REDKIT-EK-5DIGIT-REQ - HTTP: Redkit Exploit Kit Java Exploit 5 Digit Request Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-RIG-DGA-REQ - HTTP: Rig Exploit Kit Outbound DGA Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from Goon exploit kit that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-OUTBOUND-STR - HTTP: Nuclear Exploit Kit Outbound Structure
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-FIESTA-REDIRECTION - HTTP: Fiesta Exploit Kit Redirection
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-LAND-PG - HTTP: Nuclear Exploit Kit Landing Page Detected1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:CRIMEBOSS-EK-OUTCONN3 - HTTP: Crimeboss Exploit Kit Outbound Connection 3
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-JAVA-REQ - HTTP: Nuclear Exploit Kit Outbound Oracle Java Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-ANGLER-JAVA-REQ - HTTP: Angler Exploit Kit Outbound Oracle Java Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-HELLSPAWN-JAVA-REQ - HTTP: Hellspawn Exploit Kit Outbound Oracle Java Jar Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-ORACLE-JAR-FILE - HTTP: Nuclear Exploit Kit Oracle Java Jar File Retrieval
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:CRITX-EK-PE-DL - HTTP: CritX Exploit Kit Portable Executable Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:SIBHOST-EK-JAR-DL - HTTP: Sibhost Exploit Kit JAR Download Outbound
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-PAYLOAD-REQ - HTTP: Nuclear Exploit Kit Payload Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-MS-SILVERLIGH - HTTP: Nuclear Exploit Kit Outbound Microsoft Silverlight Exploit Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-ANGLER-DOWNLOAD - HTTP: Angler Exploit Kit Exploit Download Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:REDKIT-EK-LANDPG4 - HTTP: Redkit Exploit Kit Landing Page 4
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:TDS-REDIR-EK - HTTP: TDS Redirection Exploit Kit Request Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:BH2-EK-URL-STRUCT - HTTP: Blackholev2 Exploit Kit URL Structure Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-ANGLER-RELAY-TRAFFIC - HTTP: Angler Exploit Kit Relay Traffic Detected1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:MULTI-EK-32ALPHA-REQ - HTTP: Multiple Exploit Kit 32 Alpha JAR Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:REDKIT-EK-JAVA-EXPLOIT-DL - HTTP: Redkit Exploit Kit Java Exploit Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:WHITEHOLE-EK-JAVA-DL - HTTP: Whitehole Exploit Kit Java Exploit Retrieval
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-ANGLER-LANDING-PG - Angler Exploit Kit Landing Page2
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-ANGLER-LP-2 - HTTP: Angler Exploit Kit Landing Page2
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:CRIMEBOSS-EK-JAVA-DL2 - HTTP: Crimeboss Exploit Kit Java Exploit Download 2
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-FIESTA-ADOBE-DWNLD - HTTP: Fiesta Exploit Kit Adobe Reader Exploit Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-FIESTA-JAVA-DWNLD - HTTP: Fiesta Exploit Kit Oracle Java Exploit Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-FIESTA-SILVERLIGHT-DWLD - HTTP: Fiesta Exploit Kit Microsoft Silverlight Exploit Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-FIESTA-FLASH-DWLD - HTTP: Fiesta Exploit Kit Adobe Flash Exploit Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-RIG-OUTBOUND-COM - HTTP: Rig Exploit Kit Outbound Communication
Severity: HIGH
Description:
his signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-RIG-OUTBOUND-COM-1 - HTTP: Rig Exploit Kit Outbound Communication1
Severity: HIGH
Description:
his signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-ANGLER-URI-STRUCT - HTTP: Angler Exploit Kit Outbound URI Structure
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-ANGLER-FLASH-REQ - HTTP: Angler Exploit Kit Outbound Adobe Flash Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:SPL2-SILVERLIGHT-PLUG - HTTP: SPL2 Exploit Kit Silverlight Plugin Outbound Connection Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-STAMP-MAL-PYLOAD-DL - HTTP: Stamp Exploit Kit Malicious Payload Download Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:NUCLEAR-OUTBOUND-CONN - HTTP: Nuclear Exploit Kit Outbound Connection
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-NUCLEAR-PDF-REQ - HTTP: Nuclear Exploit Kit Outbound Pdf Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-MAGNITUDE-FONT-FILE-REQ - HTTP: Magnitude Exploit Kit Embedded Open Type Font File Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-STYX-LP-3 - HTTP: Styx Exploit Kit Landing Page 3
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-STYX-MAL-REDIR - HTTP: Styx Exploit Kit Malicious Redirection Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004
HTTP:EK-MAGNITUDE-IE-REQ - HTTP: Magnitude Exploit Kit Microsoft Internet Explorer Payload Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004