Versions (4)
Version DetailsCurrent
Rev: 1 • Jul 28, 2022, 12:00 PMET PHISHING Phishing Landing Page - Excel Purchase Order Form
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Phishing Landing Page - Excel Purchase Order Form"; flow:established,from_server; http.stat_code; content:"200"; http.response_body; content:"<form action|3d 22|"; content:"|2f|post.php|22|"; distance:0; content:"method|3d 22|post|22 3e|"; distance:0; content:"|3c|h3|20|id|3d 22|title|22 3e|Purchase|20|Order|20|Excel|20|Portal|3c 2f|h1|3e|"; within:300; fast_pattern; reference:url,app.any.run/tasks/cd930ac7-e716-42ac-a6ff-b24caffbcaffbc40d; classtype:credential-theft; sid:2037839; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2022_07_28, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_07_28;)
Jul 28, 2022, 12:00 PM
Jul 28, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 1, 2025, 8:35 PM
rules/emerging-phishing.rules