Versions (6)
Version DetailsCurrent
Rev: 2 • Oct 3, 2022, 12:00 PMET MALWARE TA569 Obfuscated sczriptzzb JavaScript Inject
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE TA569 Obfuscated sczriptzzb JavaScript Inject"; flow:established,to_client; http.response_body; content:"|3b|var|20|scriptzzb|3d|document|5b 5f|0x"; content:"|3b 7d|scriptzzb|5b 27|src|27 5d 3d 5f|0x"; distance:0; content:"|29 5d 28|scriptzzb|29 3b|"; distance:0; fast_pattern; reference:md5,8946ea9a572ad2c136d630071be86b77; classtype:trojan-activity; sid:2039084; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_10_03, deployment Perimeter, deployment SSLDecrypt, deprecation_reason Age, malware_family TA569, performance_impact Low, confidence High, signature_severity Major, tag compromised_website, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_03_02, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)
Oct 3, 2022, 12:00 PM
Mar 2, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 29, 2025, 8:34 PM
rules/emerging-malware.rules