Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Phoenix Exploit Kit Facebook phishing page payload could be ZeuS"; flow:established,to_server; http.method; content:"GET"; nocase; http.uri; content:"/LoginFacebook.php"; endswith; pcre:"/\/[a-z]{2}[0-9]{3}[a-z]{2}\/LoginFacebook\.php$/"; reference:url,malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html; classtype:exploit-kit; sid:2011121; rev:7; metadata:attack_target Client_Endpoint, created_at 2010_07_30, deployment Perimeter, signature_severity Major, tag Phishing, updated_at 2020_04_21;)