ET MALWARE lolzilla JS/PHP WebSkimmer - Data Exfil - Suricata Rule 2032927 (et/open)

ET MALWARE lolzilla JS/PHP WebSkimmer - Data Exfil

SID: 2032927Rev: 10 viewsHistory

Sourceet/open

CreatedMay 10, 2021

UpdatedMay 10, 2021

Classificationcommand-and-control

alert http [$HOME_NET,$HTTP_SERVERS] any -> $EXTERNAL_NET any (msg:"ET MALWARE lolzilla JS/PHP WebSkimmer - Data Exfil"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"_hash|22 0d 0a 0d 0a|eydyZWZlcmVyJzo"; fast_pattern; reference:url,lukeleal.com/research/posts/lolzilla-php-js-skimmer/; classtype:command-and-control; sid:2032927; rev:1; metadata:affected_product Magento, attack_target Client_and_Server, created_at 2021_05_10, deployment Perimeter, deployment SSLDecrypt, malware_family JS_PHP, performance_impact Low, confidence High, signature_severity Major, updated_at 2021_05_10;)

References

url	lukeleal.com/research/posts/lolzilla-php-js-skimmer/

Metadata

affected productMagento

attack targetClient_and_Server

created at2021_05_10

deploymentSSLDecrypt

malware familyJS_PHP

performance impactLow

confidenceHigh

signature severityMajor

updated at2021_05_10

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!