ET PHISHING Cloned Website Phishing Landing - Saved Website Comment Observed

SID: 2025281Rev: 20 views
History
Sourceet/open
CreatedJanuary 31, 2018
UpdatedJuly 26, 2019
Classificationsocial-engineering
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Cloned Website Phishing Landing - Saved Website Comment Observed"; flow:established,to_client; file_data; content:"<!-- saved from url=("; within:300; pcre:"/^\s*?\d+?\s*?\)(?:https://(?:w(?:ww(?:\.(?:(?:bankofamerica|paypal|ups|wellsfargo)\.com|a(?:dobecloud\.com|mazon\.co\.jp)|tax\.service\.gov\.uk|cibc\.mobi)|1\.royalbank\.com)|ebmail\.(?:i(?:llinois|ndstate)\.ed|optusnet\.com\.a)u)|(?:s(?:i(?:tekey\.bankofamerica|gnin\.ebay)|ecure(?:\.bankofamerica|05c\.chase))|login\.(?:(?:microsoftonlin|liv)e|verizonwireless|alibaba)|my\.screenname\.aol)\.com|(?:(?:ex(?:change\.(?:louisvill|purdu)|mail\.oregonstat)e|owa\.uaa\.alaska)\.ed|ib\.nab\.com\.a)u|voscomptesenligne\.labanquepostale\.fr|auth\.centurylink\.net)|/logon/logon/chaseOnline|#www\.kucoin\.com)/Rsi"; classtype:social-engineering; sid:2025281; rev:2; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2018_01_31, deployment Perimeter, confidence Medium, signature_severity Minor, tag Phishing, updated_at 2019_07_26;)

Metadata

affected productWeb_Browsers
attack targetClient_Endpoint
created at2018_01_31
deploymentPerimeter
confidenceMedium
signature severityMinor
tagPhishing
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!