ET PHISHING DadSec Credential Phish Landing Page 2024-11-06

SID: 2057299Rev: 310 views
Sourceet/open
CreatedNovember 6, 2024
UpdatedNovember 7, 2024
Classificationcredential-theft
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING DadSec Credential Phish Landing Page 2024-11-06"; flow:established,to_server; http.request_line; content:"POST|20|//|20|"; fast_pattern; http.request_body; content:"{|22|"; startswith; content:"|22 3a 22|"; distance:0; content:"|22|}"; endswith; classtype:credential-theft; sid:2057299; rev:3; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_11_06, deployment Perimeter, deployment SSLDecrypt, confidence Low, signature_severity Major, tag Phishing, tag DadSec, tag AiTM, updated_at 2024_11_07, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing;)

Metadata

attack targetClient_Endpoint
tls stateTLSDecrypt
created at2024_11_06
deploymentSSLDecrypt
confidenceLow
signature severityMajor
tagAiTM
updated at2024_11_07
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1566
mitre technique namePhishing

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!