"ET INFO Possible Obfuscator io JavaScript Obfuscation"
SID: 2038501
Revision: 3
Class Type: trojan-activity
Metadata: attack_target Client_Endpoint, created_at 2022_08_11, deployment Perimeter, signature_severity Informational, updated_at 2023_04_06, reviewed_at 2023_08_31
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
- Value: "|3d 27|abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789|2b 2f 3d 27 3b|var|20|"
Within:
PCRE: "/function(\s_0x[0-9a-f]{4})?(_0x[0-9a-f]{6},_0x[0-9a-f]{6}){var _0x[0-9a-f]{6}=/i"
Special Options:
- file_data