# sid:2024269 rev:4 - disabled revision: the rule line is commented out and msg
# carries the "ET DELETED" prefix, so a sensor loading this entry does not alert.
# Match logic kept for reference: outbound GET whose URI starts with
# "/tds.php?h=" (depth:11), followed exactly 32 bytes later by "&subid=alert",
# and whose headers contain "/r.php?h=" with CRLF exactly 32 bytes after it.
# Differs from the 2020-08-05 entry on this page only in rev (3 -> 4);
# updated_at still reads 2019_09_06.
# NOTE(review): msg says "Mar 3 2017" while created_at is 2017_05_03 - confirm
# which date is intended before using the msg text for timeline work.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Successful Google App Oauth Phish M4 Mar 3 2017"; flow:to_server,established; content:"GET"; http_method; content:"/tds.php?h="; depth:11; http_uri; fast_pattern; nocase; content:"&subid=alert"; nocase; distance:32; within:12; http_uri; content:"/r.php?h="; http_header; content:"|0d 0a|"; distance:32; within:2; http_header; classtype:trojan-activity; sid:2024269; rev:4; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2017_05_03, deployment Perimeter, former_category PHISHING, signature_severity Major, tag Phishing, updated_at 2019_09_06;)
Added 2022-05-19 19:06:43 UTC
# sid:2024269 rev:3 - disabled revision (commented out, msg prefixed "ET DELETED").
# Relative to the 2019-09-06 entry on this page the detection keywords are
# unchanged; the two metadata keywords are merged into one and the keys are
# listed alphabetically.
# rev stays at 3 although the rule text changed, so tooling that tracks rule
# changes by sid:rev alone will not see this edit - compare the full rule text.
# classtype remains trojan-activity while the metadata tags the rule as
# Phishing; check any triage filter keyed on classtype.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Successful Google App Oauth Phish M4 Mar 3 2017"; flow:to_server,established; content:"GET"; http_method; content:"/tds.php?h="; depth:11; http_uri; fast_pattern; nocase; content:"&subid=alert"; nocase; distance:32; within:12; http_uri; content:"/r.php?h="; http_header; content:"|0d 0a|"; distance:32; within:2; http_header; classtype:trojan-activity; sid:2024269; rev:3; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2017_05_03, deployment Perimeter, former_category PHISHING, signature_severity Major, tag Phishing, updated_at 2019_09_06;)
Added 2020-08-05 19:13:31 UTC
# sid:2024269 rev:3 - first disabled revision on this page: the line is
# commented out and the msg prefix moves from "ET CURRENT_EVENTS" to
# "ET DELETED". From this entry on the sid produces no alerts, so a drop in
# hits after 2019-09-06 reflects the ruleset change, not a change in traffic.
# former_category is now PHISHING and updated_at is 2019_09_06; the detection
# keywords (URI, header and distance/within checks) are the same as in the
# 2017 entries, and rev is still 3.
# Two separate metadata keywords are present (one before classtype, one after rev).
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Successful Google App Oauth Phish M4 Mar 3 2017"; flow:to_server,established; content:"GET"; http_method; content:"/tds.php?h="; depth:11; http_uri; fast_pattern; nocase; content:"&subid=alert"; nocase; distance:32; within:12; http_uri; content:"/r.php?h="; http_header; content:"|0d 0a|"; distance:32; within:2; http_header; metadata: former_category PHISHING; classtype:trojan-activity; sid:2024269; rev:3; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2017_05_03, updated_at 2019_09_06;)
Added 2019-09-06 19:00:12 UTC
# sid:2024269 rev:3 - active revision; adds the descriptive metadata block
# (affected_product, attack_target, deployment, tag, severity, created/updated dates).
# What has to match, all on one client request from $HOME_NET to $EXTERNAL_NET:
#   - method buffer contains "GET";
#   - URI starts with "/tds.php?h=" (depth:11 equals the pattern length), case-insensitive,
#     and this string is the fast_pattern used for prefiltering;
#   - "&subid=alert" (12 bytes) sits exactly 32 bytes after that (distance:32; within:12),
#     i.e. the h= value is a fixed 32 bytes - presumably a hash-like token, TODO confirm;
#   - the header buffer contains "/r.php?h=" with CRLF exactly 32 bytes later. The rule
#     does not name the header; presumably this is the Referer - confirm on a capture.
# The rule inspects only the request (flow:to_server); "Successful" in msg is the
# author's label for this stage and is not backed by a response-side check.
# NOTE(review): msg says "Mar 3 2017" while created_at is 2017_05_03 - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Google App Oauth Phish M4 Mar 3 2017"; flow:to_server,established; content:"GET"; http_method; content:"/tds.php?h="; depth:11; http_uri; fast_pattern; nocase; content:"&subid=alert"; nocase; distance:32; within:12; http_uri; content:"/r.php?h="; http_header; content:"|0d 0a|"; distance:32; within:2; http_header; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2024269; rev:3; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2017_05_03, updated_at 2017_05_03;)
Added 2017-08-07 21:19:36 UTC
# sid:2024269 rev:3 - active revision with no metadata keyword at all; the
# detection keywords are identical to the 2017-05-03 entry on this page.
# Fires on an outbound GET whose URI is "/tds.php?h=" + 32 bytes + "&subid=alert"
# and whose headers carry "/r.php?h=" + 32 bytes + CRLF.
# The 32-byte gaps are enforced only by length (distance/within); the rule does
# not check which characters fill them.
# Because the alert is raised on the client's own request, a hit identifies the
# internal host that followed the link chain; triage would normally start from
# that host's surrounding HTTP requests and the affected user's account.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Google App Oauth Phish M4 Mar 3 2017"; flow:to_server,established; content:"GET"; http_method; content:"/tds.php?h="; depth:11; http_uri; fast_pattern; nocase; content:"&subid=alert"; nocase; distance:32; within:12; http_uri; content:"/r.php?h="; http_header; content:"|0d 0a|"; distance:32; within:2; http_header; classtype:trojan-activity; sid:2024269; rev:3;)
Added 2017-05-05 16:59:08 UTC
# sid:2024269 rev:3 - earliest entry on this page (added 2017-05-03), active.
# Direction: established flow, client to server, $HOME_NET -> $EXTERNAL_NET.
# URI checks run on the http_uri buffer: "/tds.php?h=" anchored to the start by
# depth:11 (also the fast_pattern), then "&subid=alert" exactly 32 bytes later.
# Header checks run on the http_header buffer: "/r.php?h=" followed by CRLF
# exactly 32 bytes later, so that value must end its header line.
# Only the two URI patterns are nocase; the header pattern "/r.php?h=" is
# matched case-sensitively.
# NOTE(review): msg says "Mar 3 2017" but this entry was added on 2017-05-03 -
# confirm whether the msg date is a typo before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Google App Oauth Phish M4 Mar 3 2017"; flow:to_server,established; content:"GET"; http_method; content:"/tds.php?h="; depth:11; http_uri; fast_pattern; nocase; content:"&subid=alert"; nocase; distance:32; within:12; http_uri; content:"/r.php?h="; http_header; content:"|0d 0a|"; distance:32; within:2; http_header; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2024269; rev:3;)
Added 2017-05-03 20:04:59 UTC