Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING ING Group Credential Phish Landing Page 2022-12-02"; flow:established,to_client; http.stat_code; content:"200"; file.data; content:"<!-- saved from url="; content:"http|2d|equiv|3d 22|refresh|22 20|content|3d 22|15|3b 20|url|3d 2e 2f|bestatigungsnachricht|2e|html|22|"; content:"<title>ING Login</title>"; reference:md5,fc68fded6fc19e85d37f244329c9ff45; classtype:credential-theft; sid:2041649; rev:1; metadata:created_at 2022_12_02, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_12_02;)