ET PHISHING Google Redirect to Generic Credential Phish Landing Page 2024-11-05

SID: 2057280Rev: 110 views
Sourceet/open
CreatedNovember 5, 2024
UpdatedNovember 6, 2024
Classificationcredential-theft
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Google Redirect to Generic Credential Phish Landing Page 2024-11-05"; flow:established,to_client; http.stat_code; content:"200"; http.content_len; byte_test:0,<=,500,0,string,dec; http.header_names; content:"|0d 0a|x-guploader-uploadid|0d 0a|"; fast_pattern; http.response_body; content:"http|2d|equiv|3d 22|refresh|22|"; distance:0; content:"URL="; distance:0; content:"/0/0/0/"; distance:0; classtype:credential-theft; sid:2057280; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_11_05, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Phishing, updated_at 2024_11_06, former_sid 2858896, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing;)

Metadata

attack targetClient_Endpoint
tls stateTLSDecrypt
created at2024_11_05
deploymentSSLDecrypt
confidenceMedium
signature severityMajor
tagPhishing
updated at2024_11_06
former sid2858896
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1566
mitre technique namePhishing

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!