ET MALWARE Suspected Malicious JS Loader Activity (GET)
Source: et/open
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Suspected Malicious JS Loader Activity (GET)"; flow:established,to_server;http.method; content:"GET"; http.uri; pcre:"/^\/[a-z]{8,12}$/"; http.user_agent; content:"Mozilla/4.0 (compatible|3b 20|Win32|3b 20|WinHttp.WinHttpRequest.5)"; fast_pattern; bsize:57; http.header_names; content:!"Referer"; reference:md5,93419e7818759ebd01e65a84f4c6535d; classtype:trojan-activity; sid:2049263; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_11_20, deployment Perimeter, deployment SSLDecrypt, former_category MALWARE, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2023_11_20; target:src_ip;)
Reference
md5: 93419e7818759ebd01e65a84f4c6535d
Metadata
attack_target: Client_Endpoint
created_at: 2023_11_20
deployment: Perimeter
deployment: SSLDecrypt
former_category: MALWARE
performance_impact: Moderate
confidence: Medium
signature_severity: Major
updated_at: 2023_11_20