Versions (4)
Version DetailsCurrent
Rev: 2 • May 5, 2023, 12:00 PMET PHISHING W3LL STORE Credential Phish Landing Page (Index) 2023-05-05
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING W3LL STORE Credential Phish Landing Page (Index) 2023-05-05"; file.data; content:"<script>"; content:"var|20|hash|20 3d 20|location|2e|hash|2e|substr|28|1|29 3b|"; distance:0; content:"window.location.replace('"; distance:0; content:"/index#'"; distance:0; content:"|2b 20|hash|29 3b|"; distance:0; content:"window.location.replace('https://href.li"; distance:0; fast_pattern; content:"</script>"; distance:0; classtype:credential-theft; sid:2045609; rev:2; metadata:created_at 2023_05_05, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_05_05, reviewed_at 2025_03_14;)
May 5, 2023, 12:00 PM
May 5, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 22, 2025, 9:34 PM
rules/emerging-phishing.rules