alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS [eSentire] Docusign Phishing Landing 2018-04-09"; flow:established,to_client; file_data; content:""; nocase; content:"DocuSlgn"; nocase; distance:0; within:10; fast_pattern; content:"method=|22|post|22|"; nocase; distance:0; metadata: former_category CURRENT_EVENTS; classtype:bad-unknown; sid:2025476; rev:2; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Minor, created_at 2018_04_09, updated_at 2018_06_25;) <p /> </h2> <p /> Added 2018-06-25 17:31:15 UTC <p /> <p /> <form method="post" action="http://doc.emergingthreats.net/bin/save/Main/2025476" enctype="multipart/form-data" id="threadmode0" name="threadmode0"><input type="hidden" name="crypttoken" value="d379f394a05dc39221dc11a48cf1a909" /><div class="commentPlugin commentPluginPromptBox" style="margin: 5px 0;"> <div><textarea rows="5" cols="80" name="comment" class="twikiTextarea" wrap="soft" style="width: 100%" onfocus="if(this.value=='Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.')this.value=''" onblur="if(this.value=='')this.value='Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.'">Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.</textarea></div><div style="padding: 5px 0 0 0;"><input type="submit" value="Add to Documentation" class="twikiButton" /></div> </div><!--/commentPlugin--> <input type="hidden" name="comment_action" value="save" /> <input type="hidden" name="comment_type" value="threadmode" /> <input type="hidden" name="comment_index" value="0" /></form> <p /> <hr> <p /> <p /> <p /> <h2> <p /> <p /> alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Docusign Phishing Landing 2018-04-09"; flow:established,to_client; file_data; content:"<title>docuslgn"; nocase; fast_pattern; content:"method=|22|post|22|"; nocase; distance:0; metadata: former_category CURRENT_EVENTS; classtype:bad-unknown; sid:2025476; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Minor, created_at 2018_04_09, updated_at 2018_04_09;)

Added 2018-04-09 18:05:09 UTC


Topic revision: r1 - 2018-06-25 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats