"ET INFO Possible Obfuscator io JavaScript Obfuscation"

SID: 2038501

Revision: 3

Class Type: trojan-activity

Metadata: attack_target Client_Endpoint, created_at 2022_08_11, deployment Perimeter, signature_severity Informational, updated_at 2023_04_06, reviewed_at 2023_08_31

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

  • Value: "|3d 27|abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789|2b 2f 3d 27 3b|var|20|"

Within:

PCRE: "/function(\s_0x[0-9a-f]{4})?(_0x[0-9a-f]{6},_0x[0-9a-f]{6}){var _0x[0-9a-f]{6}=/i"

Special Options:

  • file_data
