Versions (4)
Version DetailsCurrent
Rev: 1 • May 10, 2021, 12:00 PMET MALWARE lolzilla JS/PHP WebSkimmer - Data Exfil
alert http [$HOME_NET,$HTTP_SERVERS] any -> $EXTERNAL_NET any (msg:"ET MALWARE lolzilla JS/PHP WebSkimmer - Data Exfil"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"_hash|22 0d 0a 0d 0a|eydyZWZlcmVyJzo"; fast_pattern; reference:url,lukeleal.com/research/posts/lolzilla-php-js-skimmer/; classtype:command-and-control; sid:2032927; rev:1; metadata:affected_product Magento, attack_target Client_and_Server, created_at 2021_05_10, deployment Perimeter, deployment SSLDecrypt, malware_family JS_PHP, performance_impact Low, confidence High, signature_severity Major, updated_at 2021_05_10;)
May 10, 2021, 12:00 PM
May 10, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-malware.rules