""ET MALWARE Malware Delivery Landing Page via JS Redirect (2021-06-24)""
SID: 2033189
Revision: 2
Class Type: trojan-activity
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2021_06_25, deployment Perimeter, deployment SSLDecrypt, signature_severity Major, updated_at 2021_06_25
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "|3c|title|3e|File Download|3c 2f|title|3e|"
-
Value: "|24 2e|getJSON|28 20 22|https|3a 2f 2f|"
-
Value: "|2f 22 2c 20|function|28|res|29 20 7b 0d 0a 0d 0a|"
-
Value: "|7d 29 2e|done|28|function|28|res|29 20 7b 0d 0a|"
-
Value: "params|2e|url|20 3d 20 22|https|3a 2f 2f|"
-
Value: "|22 20 2b 20|res|2e|data"
Within: 300
PCRE:
Special Options:
-
file_data
-
fast_pattern