ET PHISHING HiYu - Request for User Specific Landing Page

SID: 2044322Rev: 10 views
History
Sourceet/open
CreatedFebruary 24, 2023
UpdatedFebruary 24, 2023
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING HiYu - Request for User Specific Landing Page"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/host|3a 2d|"; fast_pattern; pcre:"/\x3a\d{4}\?/R"; reference:url,urlscan.io/result/26b88d69-0fea-4c63-9f29-3c53350c098e/; classtype:trojan-activity; sid:2044322; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_02_24, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_02_24; target:src_ip;)

References

urlurlscan.io/result/26b88d69-0fea-4c63-9f29-3c53350c098e/

Metadata

attack targetClient_Endpoint
created at2023_02_24
deploymentSSLDecrypt
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_02_24

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!