""ET INFO Hidden embedded HTML Document""
SID: 2031803
Revision: 2
Class Type: bad-unknown
Metadata: affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2021_03_03, deployment Perimeter, signature_severity Informational, updated_at 2021_03_03
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "<embed src=|27|data|3a|text/html|3b|base64|2c|PCFET0NUWVBFIGh0bWw+"
-
Value: "|27 20|height|3d 27|0|27 20|frameborder|3d 27|0|27 3e 3c 2f|embed|3e|"
Within: 6000
PCRE:
Special Options:
-
file_data
-
fast_pattern