ET PHISHING Netscaler Gateway Credential Theft (POST)

SID: 2048476Rev: 113 views
History
Sourceet/open
CreatedOctober 6, 2023
UpdatedOctober 6, 2023
Classificationcredential-theft
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING Netscaler Gateway Credential Theft (POST)"; flow:established,to_server; urilen:15; http.method; content:"POST"; http.uri; content:"/items/accounts"; fast_pattern; http.host; content:"js"; http.accept; content:"application|2f|json|2c 20|text|2f|plain|2c 20 2a 2f 2a|"; bsize:33; http.content_type; content:"application/json"; bsize:16; reference:md5,58a7e26a7f5fa67bfd9d0faadab9f5a3; reference:url,securityintelligence.com/posts/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/; classtype:credential-theft; sid:2048476; rev:1; metadata:created_at 2023_10_06, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_10_06;)

References

md5
58a7e26a7f5fa67bfd9d0faadab9f5a3
Google SearchBrave Search
urlsecurityintelligence.com/posts/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/

Metadata

created at2023_10_06
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_10_06

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!