""ET TROJAN MageCart JS Retrieval""

SID: 2030884

Revision: 3

Class Type: trojan-activity

Metadata: created_at 2020_09_15, performance_impact Low, updated_at 2020_11_12

Reference:

• Link

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "/122002/assets/js/widget.js" Depth: 27

Within:

PCRE: "/Host[^\r\n]+mcdnn.(?:me|net)$/H"

Special Options:

• fast_pattern

• http_uri

source