ET PHISHING Generic Credential Phish Landing Page M1 2024-09-27

SID: 2056318Rev: 12 views
Sourceet/open
CreatedSeptember 27, 2024
UpdatedSeptember 28, 2024
Classificationcredential-theft
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Generic Credential Phish Landing Page M1 2024-09-27"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"<html point="; depth:200; content:"id|3d 22|html|22 20|sti|3d 22|"; within:100; fast_pattern; content:"vic="; within:100; reference:url,any.run/cybersecurity-blog/analysis-of-the-phishing-campaign/; classtype:credential-theft; sid:2056318; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_09_27, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Phishing, updated_at 2024_09_28, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing;)

References

urlany.run/cybersecurity-blog/analysis-of-the-phishing-campaign/

Metadata

attack targetClient_Endpoint
tls stateTLSDecrypt
created at2024_09_27
deploymentSSLDecrypt
confidenceMedium
signature severityMajor
tagPhishing
updated at2024_09_28
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1566
mitre technique namePhishing

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!