""ET CURRENT_EVENTS Javascript Displays malicious download page""

SID: 2033815

Revision: 2

Class Type: trojan-activity

Metadata: created_at 2021_08_26, updated_at 2021_08_26

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

• Value: "200"

• Value: "|22 26|gt|3b 26|lt|3b|div|26|gt|3b 26|lt|3b|h1|26|gt|3b|Your|20|download|20|will|20|start|20|shortly|2e 26|lt|3b 2f|h1|26|gt|3b 26|lt|3b|p|26|gt|3b|If|20|your|20|download|20|does|20|not|20|start|2c 20|please|20 26|lt|3b|a|20|href|3d 22|"

Within:

PCRE:

Special Options:

• http_stat_code

• file_data

source