""ET EXPLOIT Metasploit Random Base CharCode JS Encoded String""
SID: 2019091
Revision: 4
Class Type: trojan-activity
Metadata: affected_product Any, attack_target Client_and_Server, created_at 2014_08_29, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, signature_severity Critical, tag Metasploit, updated_at 2023_06_01
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: [!443,$HTTP_PORTS]
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
- Value: "String.fromCharCode("
Within:
PCRE: "/^(?=(?:(:?0x[a-f0-9]{2}|0+?\d{1,3})\s?,\s?)?\d{1,3})(?=(?:(:?0x[a-f0-9]{2}|\d{1,3})\s?,\s?)?0+?\d{1,3})(?=(?:(:?0+?\d{1,3}|\d{1,3})\s?,\s?)?0x[a-f0-9]{2})(?:(:?0x[a-f0-9]{2}|0+?\d{1,3}|\d{1,3})\s?,\s?)+(:?0x[a-f0-9]{2}|0+?\d{1,3}|\d{1,3})\s?)/Rsi"
Special Options:
- file_data