ET PHISHING [TW] EvilProxy AiTM Cookie Value M1

SID: 2037850Rev: 21 views
History
Sourceet/open
CreatedJuly 29, 2022
UpdatedDecember 2, 2024
Classificationsocial-engineering
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING [TW] EvilProxy AiTM Cookie Value M1"; flow:established,to_client; content:"Server|3a 20|nginx/"; content:"|0d 0a 0d 0a 7b 22|statusCode|22 3a 20 22|success|22 2c 20 22|cname|22 3a 20 22|__"; fast_pattern; content:"|22 2c 20 22|cdomain|22 3a 20 22|"; distance:4; within:15; content:"|22 2c 20 22|cvalue|22 3a 20 22|"; distance:0; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})\x22\x7d$/R"; classtype:social-engineering; sid:2037850; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_07_29, deployment Perimeter, deprecation_reason Age, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_12_02, reviewed_at 2024_12_02;)

Metadata

attack targetClient_Endpoint
created at2022_07_29
deploymentPerimeter
deprecation reasonAge
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_12_02
reviewed at2024_12_02

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!