ET MALWARE Malware Delivery Landing Page via JS Redirect (2021-06-24)

SID: 2033189
Rev: 2
Source: et/open
Created: June 25, 2021
Updated: June 25, 2021
Classification: trojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Malware Delivery Landing Page via JS Redirect (2021-06-24)"; flow:established,to_client; file.data; content:"|3c|title|3e|File Download|3c 2f|title|3e|"; content:"|24 2e|getJSON|28 20 22|https|3a 2f 2f|"; distance:0; content:"|2f 22 2c 20|function|28|res|29 20 7b 0d 0a 0d 0a|"; within:300; content:"|7d 29 2e|done|28|function|28|res|29 20 7b 0d 0a|"; within:40; content:"params|2e|url|20 3d 20 22|https|3a 2f 2f|"; within:120; fast_pattern; content:"|22 20 2b 20|res|2e|data"; within:300; reference:url,app.any.run/tasks/bfa6644a-3d2c-41e0-9a6d-fe9306e8fc85/; classtype:trojan-activity; sid:2033189; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2021_06_25, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Major, updated_at 2021_06_25;)

Metadata

affected product: Windows_XP_Vista_7_8_10_Server_32_64_Bit
attack target: Client_Endpoint
created at: 2021_06_25
deployment: SSLDecrypt
confidence: Medium
signature severity: Major
updated at: 2021_06_25
