ET PHISHING [TW] Trex Phishkit POSTSource: et/open
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING [TW] Trex Phishkit POST"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/chkdsk.php"; fast_pattern; http.request_body; content:"trex="; startswith; classtype:social-engineering; sid:2048384; rev:1; metadata:created_at 2023_10_03, updated_at 2023_10_03;)
Metadata
created_at2023_10_03
updated_at2023_10_03