ET PHISHING BULLSreCaptcha Credential Phish Landing Page M3 2024-10-17

SID: 2057275Rev: 19 views

Sourceet/open

CreatedOctober 17, 2024

UpdatedNovember 6, 2024

Classificationcredential-theft

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING BULLSreCaptcha Credential Phish Landing Page M3 2024-10-17"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"_assetz/"; fast_pattern; nocase; content:".php?sslchannel=true&sessionid="; distance:0; nocase; content:"post"; distance:0; nocase; reference:url,ic3.gov/Media/Y2024/PSA240412; reference:url,urlscan.io/responses/40b09b41500c93bfbdc2d27b58cef9b61633dd2b457aac93b21dd2dcc8f332ba/; reference:url,tria.ge/241017-h6nrjs1aqq/behavioral1; classtype:credential-theft; sid:2057275; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_10_17, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag Phishing, updated_at 2024_11_06, former_sid 2858713, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing;)

References

url	ic3.gov/Media/Y2024/PSA240412
url	urlscan.io/responses/40b09b41500c93bfbdc2d27b58cef9b61633dd2b457aac93b21dd2dcc8f332ba/
url	tria.ge/241017-h6nrjs1aqq/behavioral1

Metadata

attack targetClient_Endpoint

tls stateTLSDecrypt

created at2024_10_17

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagPhishing

updated at2024_11_06

former sid2858713

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1566

mitre technique namePhishing

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!