ET MALWARE Magecart/Skimmer - _try_action Exfil Attempt - Suricata Rule 2032788 (et/open)

ET MALWARE Magecart/Skimmer - _try_action Exfil Attempt

SID: 2032788Rev: 10 viewsHistory

Sourceet/open

CreatedApril 20, 2021

UpdatedApril 20, 2021

Classificationtrojan-activity

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Magecart/Skimmer - _try_action Exfil Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".png"; endswith; http.content_type; content:"application/x-www-form-urlencoded"; startswith; http.request_body; content:"cid="; startswith; fast_pattern; content:"&host="; reference:url,lukeleal.com/research/posts/cdn-frontend-skimmer/; classtype:trojan-activity; sid:2032788; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2021_04_20, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag CardSkimmer, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_04_20;)

References

url	lukeleal.com/research/posts/cdn-frontend-skimmer/

Metadata

affected productWeb_Browsers

attack targetClient_Endpoint

created at2021_04_20

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2021_04_20

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!