alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Paypal Phishing Domain Mar 14 2016"; flow:to_server,established; content:"GET"; http_method; content:"paypal.com"; http_header; fast_pattern; content:!"Referer|3a 20|"; http_header; content:!"paypal.com|0d 0a|"; http_header; pcre:"/^Host\x3a[^\r\n]+paypal\.com[^\r\n]{20,}\r\n/Hmi"; threshold: type limit, count 1, track by_src, seconds 30; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2022618; rev:4; metadata:attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2016_03_14, updated_at 2017_10_06;)

Added 2017-10-11 11:05:25 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Paypal Phishing Domain Mar 14 2016"; flow:to_server,established; content:"GET"; http_method; content:"paypal.com"; http_header; fast_pattern; content:!"Referer|3a 20|"; http_header; content:!"paypal.com|0d 0a|"; http_header; pcre:"/^Host\x3a[^\r\n]+paypal\.com[^\r\n]{20,}\r\n/Hmi"; threshold: type limit, count 1, track by_src, seconds 30; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2022618; rev:3; metadata:attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2016_03_14, updated_at 2017_10_06;)

Added 2017-10-09 16:31:54 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Paypal Phishing Domain Mar 14"; flow:to_server,established; content:"GET"; http_method; content:"paypal.com"; http_header; fast_pattern; content:!"Referer|3a 20|"; http_header; content:!"paypal.com|0d 0a|"; http_header; pcre:"/^Host\x3a[^\r\n]+paypal\.com[^\r\n]{20,}\r\n/Hmi"; threshold: type limit, count 1, track by_src, seconds 30; classtype:trojan-activity; sid:2022618; rev:3; metadata:attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2016_03_14, updated_at 2016_07_01;)

Added 2017-08-07 21:17:34 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Paypal Phishing Domain Mar 14"; flow:to_server,established; content:"GET"; http_method; content:"paypal.com"; http_header; fast_pattern; content:!"Referer|3a 20|"; http_header; content:!"paypal.com|0d 0a|"; http_header; pcre:"/^Host\x3a[^\r\n]+paypal\.com[^\r\n]{20,}\r\n/Hmi"; threshold: type limit, count 1, track by_src, seconds 30; classtype:trojan-activity; sid:2022618; rev:3;)

Added 2016-03-14 20:55:34 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Paypal Phishing Domain Mar 14"; flow:to_server,established; content:"GET"; http_method; content:"paypal.com"; http_header; fast_pattern; content:!"Referer|3a 20|"; http_header; content:!"paypal.com|0d 0a|"; http_header; pcre:"/^Host\x3a[^\r\n]+paypal\.com[^\r\n]{20,}\r\n/Hmi"; threshold: type limit, count 1, track by_src, seconds 30; classtype:trojan-activity; sid:2022618; rev:3;)

Added 2016-03-14 17:53:37 UTC


Topic revision: r1 - 2017-10-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats