alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS JS Obfuscation - Possible Phishing 2016-03-01"; flow:from_server,established; content:"200"; http_stat_code; content:"Content-Type|3a 20|text/html"; http_header; file_data; content:"%75%6E%65%73%63%61%70%65%3D%66%75%6E%63%74%69%6F%6E"; fast_pattern:31,20; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%32%36%22%2C%20%22%67%22%29%2C%20%22%26%22%29%3B"; distance:0; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%33%42%22%2C%20%22%67%22%29%2C%20%22%3B%22%29%3B"; distance:0; content:"%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65"; distance:0; content:"%72%65%70%6C%61%63%65%28%27%3C%21%2D%2D%3F%2D%2D%3E%3C%3F%27%2C%27%3C%21%2D%2D%3F%2D%2D%3E%27%29%29%3B"; distance:0; metadata: former_category CURRENT_EVENTS; reference:url,proofpoint.com/us/threat-insight/post/Obfuscation-Techniques-In-Phishing-Attacks; classtype:trojan-activity; sid:2022578; rev:4; metadata:attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2016_03_01, updated_at 2017_10_13;)

Added 2019-04-17 18:26:10 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS JS Obfuscation - Possible Phishing 2016-03-01"; flow:from_server,established; content:"200"; http_stat_code; content:"Content-Type|3a 20|text/html"; http_header; file_data; content:"%75%6E%65%73%63%61%70%65%3D%66%75%6E%63%74%69%6F%6E"; fast_pattern:31,20; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%32%36%22%2C%20%22%67%22%29%2C%20%22%26%22%29%3B"; distance:0; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%33%42%22%2C%20%22%67%22%29%2C%20%22%3B%22%29%3B"; distance:0; content:"%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65"; distance:0; content:"%72%65%70%6C%61%63%65%28%27%3C%21%2D%2D%3F%2D%2D%3E%3C%3F%27%2C%27%3C%21%2D%2D%3F%2D%2D%3E%27%29%29%3B"; distance:0; metadata: former_category CURRENT_EVENTS; reference:url,proofpoint.com/us/threat-insight/post/Obfuscation-Techniques-In-Phishing-Attacks; classtype:trojan-activity; sid:2022578; rev:3; metadata:attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2016_03_01, updated_at 2017_10_13;)

Added 2019-04-16 18:43:46 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Phishing Landing Obfuscation Mar 01 2016"; flow:from_server,established; content:"200"; http_stat_code; content:"Content-Type|3a 20|text/html"; http_header; file_data; content:"%75%6E%65%73%63%61%70%65%3D%66%75%6E%63%74%69%6F%6E"; fast_pattern:31,20; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%32%36%22%2C%20%22%67%22%29%2C%20%22%26%22%29%3B"; distance:0; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%33%42%22%2C%20%22%67%22%29%2C%20%22%3B%22%29%3B"; distance:0; content:"%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65"; distance:0; content:"%72%65%70%6C%61%63%65%28%27%3C%21%2D%2D%3F%2D%2D%3E%3C%3F%27%2C%27%3C%21%2D%2D%3F%2D%2D%3E%27%29%29%3B"; distance:0; metadata: former_category CURRENT_EVENTS; reference:url,proofpoint.com/us/threat-insight/post/Obfuscation-Techniques-In-Phishing-Attacks; classtype:trojan-activity; sid:2022578; rev:3; metadata:attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2016_03_01, updated_at 2017_10_13;)

Added 2017-10-16 16:12:48 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Phishing Landing Obfuscation Mar 01 2016"; flow:from_server,established; content:"200"; http_stat_code; content:"Content-Type|3a 20|text/html"; http_header; file_data; content:"%75%6E%65%73%63%61%70%65%3D%66%75%6E%63%74%69%6F%6E"; fast_pattern:31,20; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%32%36%22%2C%20%22%67%22%29%2C%20%22%26%22%29%3B"; distance:0; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%33%42%22%2C%20%22%67%22%29%2C%20%22%3B%22%29%3B"; distance:0; content:"%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65"; distance:0; content:"%72%65%70%6C%61%63%65%28%27%3C%21%2D%2D%3F%2D%2D%3E%3C%3F%27%2C%27%3C%21%2D%2D%3F%2D%2D%3E%27%29%29%3B"; distance:0; metadata: former_category CURRENT_EVENTS; reference:url,proofpoint.com/us/threat-insight/post/Obfuscation-Techniques-In-Phishing-Attacks; classtype:trojan-activity; sid:2022578; rev:3; metadata:attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2016_03_01, updated_at 2017_10_13;)

Added 2017-10-13 19:17:59 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Phishing Landing Obfuscation Mar 01 2016"; flow:from_server,established; content:"200"; http_stat_code; content:"Content-Type|3a 20|text/html"; http_header; file_data; content:"%75%6E%65%73%63%61%70%65%3D%66%75%6E%63%74%69%6F%6E"; fast_pattern:31,20; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%32%36%22%2C%20%22%67%22%29%2C%20%22%26%22%29%3B"; distance:0; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%33%42%22%2C%20%22%67%22%29%2C%20%22%3B%22%29%3B"; distance:0; content:"%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65"; distance:0; content:"%72%65%70%6C%61%63%65%28%27%3C%21%2D%2D%3F%2D%2D%3E%3C%3F%27%2C%27%3C%21%2D%2D%3F%2D%2D%3E%27%29%29%3B"; distance:0; metadata: former_category CURRENT_EVENTS; reference:url,proofpoint.com/us/threat-insight/post/Obfuscation-Techniques-In-Phishing-Attacks; classtype:trojan-activity; sid:2022578; rev:2; metadata:attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2016_03_01, updated_at 2017_10_13;)

Added 2017-10-13 19:06:04 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Phishing Landing Obfuscation Mar 1"; flow:from_server,established; content:"200"; http_stat_code; content:"Content-Type|3a 20|text/html"; http_header; file_data; content:"%75%6E%65%73%63%61%70%65%3D%66%75%6E%63%74%69%6F%6E"; fast_pattern:31,20; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%32%36%22%2C%20%22%67%22%29%2C%20%22%26%22%29%3B"; distance:0; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%33%42%22%2C%20%22%67%22%29%2C%20%22%3B%22%29%3B"; distance:0; content:"%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65"; distance:0; content:"%72%65%70%6C%61%63%65%28%27%3C%21%2D%2D%3F%2D%2D%3E%3C%3F%27%2C%27%3C%21%2D%2D%3F%2D%2D%3E%27%29%29%3B"; distance:0; reference:url,proofpoint.com/us/threat-insight/post/Obfuscation-Techniques-In-Phishing-Attacks; classtype:trojan-activity; sid:2022578; rev:2; metadata:attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2016_03_01, updated_at 2016_07_01;)

Added 2017-08-07 21:17:31 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Phishing Landing Obfuscation Mar 1"; flow:from_server,established; content:"200"; http_stat_code; content:"Content-Type|3a 20|text/html"; http_header; file_data; content:"%75%6E%65%73%63%61%70%65%3D%66%75%6E%63%74%69%6F%6E"; fast_pattern:31,20; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%32%36%22%2C%20%22%67%22%29%2C%20%22%26%22%29%3B"; distance:0; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%33%42%22%2C%20%22%67%22%29%2C%20%22%3B%22%29%3B"; distance:0; content:"%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65"; distance:0; content:"%72%65%70%6C%61%63%65%28%27%3C%21%2D%2D%3F%2D%2D%3E%3C%3F%27%2C%27%3C%21%2D%2D%3F%2D%2D%3E%27%29%29%3B"; distance:0; reference:url,proofpoint.com/us/threat-insight/post/Obfuscation-Techniques-In-Phishing-Attacks; classtype:trojan-activity; sid:2022578; rev:2;)

Added 2016-03-02 01:01:48 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Phishing Landing Obfuscation Mar 1"; flow:from_server,established; content:"200"; http_stat_code; content:"Content-Type|3a 20|text/html"; http_header; file_data; content:"%75%6E%65%73%63%61%70%65%3D%66%75%6E%63%74%69%6F%6E"; fast_pattern:31,20; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%32%36%22%2C%20%22%67%22%29%2C%20%22%26%22%29%3B"; distance:0; content:"%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%22%25%33%42%22%2C%20%22%67%22%29%2C%20%22%3B%22%29%3B"; distance:0; content:"%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65"; distance:0; content:"%72%65%70%6C%61%63%65%28%27%3C%21%2D%2D%3F%2D%2D%3E%3C%3F%27%2C%27%3C%21%2D%2D%3F%2D%2D%3E%27%29%29%3B"; distance:0; reference:url,proofpoint.com/us/threat-insight/post/Obfuscation-Techniques-In-Phishing-Attacks; classtype:trojan-activity; sid:2022578; rev:2;)

Added 2016-03-01 14:26:56 UTC


Topic revision: r1 - 2019-04-17 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats