Versions (4)
Version DetailsCurrent
Rev: 2 • May 5, 2023, 12:00 PMET PHISHING W3LL STORE Credential Phish Landing Page (Capt) 2023-05-05
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING W3LL STORE Credential Phish Landing Page (Capt) 2023-05-05"; file.data; content:"function(_0x4461d6,_0x85069)"; fast_pattern; content:"bot|20 3d 20|isBot|28 29 3b|"; distance:0; content:"var|20|hash|20 3d 20|location|2e|hash|2e|substr|28|1|29 3b|"; distance:0; content:"window|2e|location|2e|href|20 3d 20 27|verify|3f|"; distance:0; content:"|26|data|3d 27 2b|hash|3b|"; distance:0; classtype:credential-theft; sid:2045608; rev:2; metadata:attack_target Client_Endpoint, created_at 2023_05_05, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_05_05, reviewed_at 2025_03_14;)
May 5, 2023, 12:00 PM
May 5, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 22, 2025, 9:34 PM
rules/emerging-phishing.rules