ET PHISHING Generic Credential Phish Fingerprinting Activity (Base64 Vars Detected &rand=, &sv=, &uid=)

SID: 2056317Rev: 12 views
Sourceet/open
CreatedSeptember 27, 2024
UpdatedSeptember 27, 2024
Classificationcredential-theft
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING Generic Credential Phish Fingerprinting Activity (Base64 Vars Detected &rand=, &sv=, &uid=)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"cmFuZDE9"; startswith; fast_pattern; content:"SZzdj1"; content:"0mdWlkPV"; reference:url,any.run/cybersecurity-blog/analysis-of-the-phishing-campaign/; classtype:credential-theft; sid:2056317; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_09_27, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Phishing, updated_at 2024_09_27, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing;)

References

urlany.run/cybersecurity-blog/analysis-of-the-phishing-campaign/

Metadata

attack targetClient_Endpoint
tls stateTLSDecrypt
created at2024_09_27
deploymentSSLDecrypt
confidenceMedium
signature severityMajor
tagPhishing
updated at2024_09_27
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1566
mitre technique namePhishing

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!