alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE TA569 sczriptzzbn JavaScript Inject"; flow:established,to_client; content:"var|20|sczriptzzbn|20 3d 20|document|2e|createElement|28 27|script|27 29 3b|"; fast_pattern; content:"sczriptzzbn|2e|src|20 3d 20 27|"; distance:0; content:"document|2e|getElementsByTagName|28 27|head|27 29 5b|0|5d 2e|appendChild|28|sczriptzzbn|29 3b|"; distance:0; reference:md5,ca97d5e7d5e2590cdb475150c020c94b; classtype:trojan-activity; sid:2039028; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_08_22, deployment Perimeter, deprecation_reason Age, performance_impact Low, confidence High, signature_severity Major, tag compromised_website, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_03_02;)