Rule History

SID: 2042660 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 2 • Dec 12, 2022, 12:00 PM

Message:

ET PHISHING ING Banking Credential Phish Landing Page 2022-12-12

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING ING Banking Credential Phish Landing Page 2022-12-12"; flow:established,to_client; http.stat_code; content:"200"; file.data; content:"<title>ING-DiBa Internetbanking + Brokerage</title>"; content:"name=|22|fName|22| "; distance:0; content:"name=|22|lName|22|"; distance:0; content:"name=|22|telepin|22| "; distance:0; content:"name=|22|telepinV|22|"; distance:0; fast_pattern; content:"name=|22|dob|22|"; distance:0; content:"name=|22|numberID|22|"; distance:0; reference:md5,6a1c9d34c63f22af42fc21f9e3ca6f82; classtype:credential-theft; sid:2042660; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_12_12, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_01_31;)

Created:

Dec 12, 2022, 12:00 PM

Updated:

Jan 31, 2024, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Aug 27, 2025, 9:35 PM

Filename:

rules/emerging-phishing.rules