Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Fullz House Credit Card Skimmer JavaScript Inbound"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"var SendFlag = []|3b 0a|function Base64Function(e) {|0d|"; startswith; fast_pattern; content:"|0a|function SendData(vals){|0a|"; distance:0; content:"var b = document.createElement|28 22|img|22 29 3b|b.width = |22|1px|22 3b|b.height = |22|1px|22 3b 20|b.id = img_id|3b|b.src = atob|28 22|"; reference:url,blog.malwarebytes.com/malwarebytes-news/2020/10/mobile-network-operator-falls-into-the-hands-of-fullz-house-criminal-group/; classtype:command-and-control; sid:2030981; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2020_10_06, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CardSkimmer, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_06;)