ET PHISHING PerSwaysion Phishkit Landing Page

SID: 2034027Rev: 20 viewsHistory

Sourceet/open

CreatedSeptember 24, 2021

UpdatedOctober 5, 2021

Classificationcredential-theft

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING PerSwaysion Phishkit Landing Page"; flow:established,to_client; http.stat_code; content:"200"; file.data; content:"themes/css/"; nocase; content:".css"; nocase; distance:45; content:"themes/css/"; nocase; content:".css"; nocase; distance:45; content:"script nonce="; nocase; fast_pattern; content:"themes/"; nocase; content:".js"; nocase; distance:42; content:"script nonce="; nocase; content:"themes/"; nocase; content:".js"; nocase; distance:32; reference:url,blog.group-ib.com/perswaysion; classtype:credential-theft; sid:2034027; rev:2; metadata:attack_target Client_Endpoint, created_at 2021_09_24, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_10_05;)

References

url	blog.group-ib.com/perswaysion

Metadata

attack targetClient_Endpoint

created at2021_09_24

deploymentPerimeter

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2021_10_05

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!