alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible JS Credit Card Stealer Inbound"; flow:established,from_server; content:"200"; http_stat_code; file_data; content:"Month|3a 20|"; content:"Year|3a 20|"; content:"CVV|3a 20|"; content:"Holder|27 5d 20|===|20|undefined|20 7c 7c 20 24|"; fast_pattern; content:"CVV|20|!==|20|null|20|&&"; distance:0; content:".SendData|28 29|"; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2027344; rev:1; metadata:attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_05_09, performance_impact Low, updated_at 2019_05_09;)

Added 2019-05-09 20:11:15 UTC

Topic revision: r1 - 2019-05-10 - TWikiGuest
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats