ET WEB_CLIENT Volexity - JS Sniffer Data Theft Beacon Detected - Suricata Rule 2025880 (et/open)

ET WEB_CLIENT Volexity - JS Sniffer Data Theft Beacon Detected

SID: 2025880Rev: 30 viewsHistory

Sourceet/open

CreatedJuly 23, 2018

UpdatedAugust 25, 2020

Classificationtrojan-activity

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Volexity - JS Sniffer Data Theft Beacon Detected"; flow:established,to_server; http.method; content:"GET"; http.uri; content:".php?"; content:"=WyJ1cmw"; distance:0; fast_pattern; reference:url,www.volexity.com/blog/2018/07/19/js-sniffer-e-commerce-data-theft-made-easy/; classtype:trojan-activity; sid:2025880; rev:3; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2018_07_23, deployment Perimeter, signature_severity Major, tag Stealer, tag c2, updated_at 2020_08_25, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

References

url	www.volexity.com/blog/2018/07/19/js-sniffer-e-commerce-data-theft-made-easy/

Metadata

affected productWeb_Browsers

attack targetClient_Endpoint

created at2018_07_23

deploymentPerimeter

signature severityMajor

tagc2

updated at2020_08_25

mitre tactic idTA0010

mitre tactic nameExfiltration

mitre technique idT1041

mitre technique nameExfiltration_Over_C2_Channel

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!