ET PHISHING NOTG Phish Kit Visitor Fingerprinting

SID: 2060211Rev: 116 views

Sourceet/open

CreatedFebruary 19, 2025

UpdatedFebruary 19, 2025

Classificationcredential-theft

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING NOTG Phish Kit Visitor Fingerprinting"; http.method; content:"POST"; http.request_body; content:"PageType="; startswith; content:"&NAMEOFTHEGUY="; distance:0; fast_pattern; content:"&ip="; distance:0; content:"&city"; distance:0; content:"&country="; distance:0; classtype:credential-theft; sid:2060211; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_02_19, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag Phishing, updated_at 2025_02_19, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing;)

Metadata

attack targetClient_Endpoint

tls stateTLSDecrypt

created at2025_02_19

deploymentSSLDecrypt

performance impactLow

confidenceHigh

signature severityMajor

tagPhishing

updated at2025_02_19

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1566

mitre technique namePhishing

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!