EXPLOIT-KIT -- Snort has alerted on traffic that is typical of known exploit kits. Exploit kits are pre-packaged sets of code and malware geared toward finding and taking advantage of common browser vulnerabilities. They are JavaScript code that provides an entry point to a system to initiate the next state. Snort's rules look for known exploit kit nomenclature, information sent back exposing sensitive infrastructure, attempts to reach a certain file, etc. Rules try to identify the exact kit being used based on actor-group patterns, such as favored target websites, malware types, and code similarities.
EXPLOIT-KIT Blackholev2 exploit kit landing page detected
This event is generated when a victim reaches the landing page of the Blackholev2 exploit kit.
Impact: Exposure to a malicious web site, which could result in loss of integrity.
Details: All exploit kits deliver their malicious payload by way of what is known as a landing page, which typically contains heavily obfuscated JavaScript that automates the process of delivering a sequence of attacks against the victim. This signature detects characteristics typical of the Blackholev2 exploit kit's landing page.
Ease of Attack: Simple. Blackholev2 is commercially available software with technical support.
No public information
No known false positives
Cisco Talos
No rule groups