Versions (3)
Version DetailsCurrent
Rev: 1 • Sep 11, 2023, 12:00 PMET INFO PhishingBox Landing Page - Phishing Simulation
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO PhishingBox Landing Page - Phishing Simulation"; flow:established,to_client; http.response_body; content:"|24 2e|phishingKey|20 3d 20 27|"; fast_pattern; content:"|27 3b 0d 0a|"; distance:40; within:4; content:"|24 2e|URL|20 3d 20 27 2f|"; within:100; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,urlscan.io/result/c35d9882-7324-40ed-a1cd-c89d20c943f6/; classtype:not-suspicious; sid:2047993; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_09_11, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Informational, tag Phishing_Simulation, updated_at 2023_09_11;)
Sep 11, 2023, 12:00 PM
Sep 11, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-info.rules