EXPLOIT-KIT -- Snort has alerted on traffic that is typical of known exploit kits. Exploit kits are pre-packaged sets of code and malware geared toward finding and taking advantage of common browser vulnerabilities. They are Javascript code that provides an entry point to a system to initiate the next state. Snort's rules look for known exploit kit nomenclature, information sent back exposing sensitive infrastructure, attempts to reach a certain file, etc. Rules try to identify the exact kit being used based on actor-group patterns, such as favored target website, malware types, and code similarities.
EXPLOIT-KIT Flim exploit kit outbound jar request
This event is generated when a user downloads files characteristic of an in-progress attack by the Flim exploit kit. Impact: Potential compromise of the victim system. Loss of integrity. Details: This signature detects systems attempting to download a malicious file known to be delivered as part of attacks by the Flim exploit kit. This file is only downloaded once a victim has reached a live kit; if the machine requesting this file is vulnerable to any of the attacks delivered by the Flim exploit kit, it is likely compromised. Ease of Attack: Simple. The Flim is commercially available software with technical support.
No information provided
No public information
No known false positives
Cisco Talos
No rule groups
None
No information provided
None
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
