Versions (3)
Version DetailsCurrent
Rev: 1 • May 9, 2024, 12:00 PMET PHISHING Possible Microsoft Phishing HTML Class Tag
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Possible Microsoft Phishing HTML Class Tag"; flow:established,to_client; http.stat_code; content:"200"; file.data; content:"|3c|html class|3d 22 20|gttiirk idc0_350|22 3e|"; fast_pattern; classtype:social-engineering; sid:2052530; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_05_09, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence Low, signature_severity Major, updated_at 2024_05_09; target:dest_ip;)
May 9, 2024, 12:00 PM
May 9, 2024, 12:00 PM
May 9, 2024, 9:00 PM
May 9, 2024, 9:00 PM
rules/emerging-phishing.rules