""ET CURRENT_EVENTS PerSwaysion JavaScript Response M1""
SID: 2033037
Revision: 3
Class Type: trojan-activity
Metadata: affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2021_05_27, deployment Perimeter, deployment SSLDecrypt, signature_severity Major, updated_at 2021_05_28
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "Content-Type|3a 20|"
-
Value: "javascript"
-
Value: "eval|28|function|28 24|nbrut|2c|" Depth: 21
-
Value: "function|28 24|charCode|29 20 7b|return|20 28 24|charCode|20|"
-
Value: "|3f 20|String|2e|fromCharCode|28|"
-
Value: "|29 20 3a 20 24|charCode|2e|toString|28|"
-
Value: "|2e|replace|28|new|20|RegExp|28 27 5c 5c|b|27 20 2b|"
Within: 50
PCRE: "/^Content-Type\x3a\x20[^\r\n]+\/javascript/Hmi"
Special Options:
-
http_header
-
http_header
-
file_data