ET MALWARE WP CharCode Inject

SID: 2039077
Rev: 1
Source: et/open
Created: September 30, 2022
Updated: September 30, 2022
Classification: trojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE WP CharCode Inject"; flow:established,to_client; http.response_body; content:"document|2e|getElementsByTagName|28 22|script|22 29 3b|"; content:"var|20|wantmee|20 3d 20|false|3b|"; distance:0; content:"wantmee|3d|true|3b|"; distance:0; fast_pattern; content:"if|28|wantmee|3d 3d|false|29|"; distance:0; content:"async|3d|true|3b|"; distance:0; content:"|2e|src|3d|String|2e|fromCharCode|28|"; distance:0; content:"document|2e|currentScript|2e|parentNode|2e|insertBefore"; distance:0; reference:md5,be4c9c2b5b96eb2eafb32105036da953; classtype:trojan-activity; sid:2039077; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_09_30, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_09_30;)

References

md5: be4c9c2b5b96eb2eafb32105036da953

Metadata

attack target: Client_Endpoint
created at: 2022_09_30
deployment: SSLDecrypt
performance impact: Low
confidence: High
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2022_09_30
