alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Microsoft Office Phishing Landing 2016-12-18"; flow:to_client,established; content:"200"; http_stat_code; http_content_type; content:"text/html"; depth:9; file_data; content:"
Microsoft Office"; fast_pattern; nocase; content:"Login below to access file"; nocase; distance:0; classtype:trojan-activity; sid:2029658; rev:4; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2016_12_19, deployment Perimeter, former_category PHISHING, signature_severity Major, tag Phishing, updated_at 2020_11_09;)
<p />
</h2>
<p />
Added 2020-11-09 19:10:17 UTC
<p />
<p />
<form method="post" action="https://doc.emergingthreats.net/bin/save/Main/2029658" enctype="multipart/form-data" id="threadmode0" name="threadmode0"><input type="hidden" name="crypttoken" value="3ed75d1839fa2e07d2946612744c969f" /><div class="commentPlugin commentPluginPromptBox" style="margin: 5px 0;"> <div><textarea rows="5" cols="80" name="comment" class="twikiTextarea" wrap="soft" style="width: 100%" onfocus="if(this.value=='Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.')this.value=''" onblur="if(this.value=='')this.value='Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.'">Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.</textarea></div><div style="padding: 5px 0 0 0;"><input type="submit" value="Add to Documentation" class="twikiButton" /></div> </div><!--/commentPlugin-->
<input type="hidden" name="comment_action" value="save" />
<input type="hidden" name="comment_type" value="threadmode" />
<input type="hidden" name="comment_index" value="0" /></form>
<p />
<hr>
<p />
<p />
<p />
<h2>
<p />
<p />
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Microsoft Office Phishing Landing 2016-12-18"; flow:to_client,established; content:"200"; http_stat_code; http_content_type; content:"text/html"; depth:9; file_data; content:"<title>Microsoft Office"; fast_pattern; nocase; content:"Login below to access file"; nocase; distance:0; classtype:trojan-activity; sid:2029658; rev:4; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2016_12_19, deployment Perimeter, former_category PHISHING, signature_severity Major, tag Phishing, updated_at 2020_03_19;)
<p />
</h2>
<p />
Added 2020-08-05 19:17:45 UTC
<p />
<p />
<p />
<hr>
<p />
<p />
<p />
<h2>
<p />
<p />
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Microsoft Office Phishing Landing 2016-12-18"; flow:to_client,established; content:"200"; http_stat_code; http_content_type; content:"text/html"; depth:9; file_data; content:"<title>Microsoft Office"; fast_pattern; nocase; content:"Login below to access file"; nocase; distance:0; metadata: former_category PHISHING; classtype:trojan-activity; sid:2029658; rev:4; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Major, created_at 2016_12_19, updated_at 2020_03_19;)
<p />
</h2>
<p />
Added 2020-03-19 18:04:57 UTC
<p />
<p />
<p />
<hr>
<p /> </div><!-- /patternTopic-->
<div class="twikiContentFooter"></div></div><!-- /patternContent-->
<div class="clear"></div>
<a name="topic-actions"></a><div class="patternTopicActions"><div class="patternTopicAction"><span class="patternActionButtons"><span><a href='https://doc.emergingthreats.net/bin/edit/Main/2029658?t=1614377853;nowysiwyg=1' rel='nofollow' title='Edit this topic text' accesskey='e'><img src='/pub/TWiki/TWikiDocGraphics/uweb-o14.gif' width='14' height='14' border='0' alt='' /> <span class='twikiAccessKey'>E</span>dit</a></span><span class='twikiSeparator'> | </span><span><a href='/bin/attach/Main/2029658' rel='nofollow' title='Attach an image or document to this topic' accesskey='a'><span class='twikiAccessKey'>A</span>ttach</a></span><span class='twikiSeparator'> | </span><span><a href='/bin/view/Main/2029658?cover=print' rel='nofollow' title='Printable version of this topic' accesskey='p'><span class='twikiAccessKey'>P</span>rint version</a></span><span class='twikiSeparator'> | </span><span><span><a href='/bin/rdiff/Main/2029658?type=history' rel='nofollow' title='View total topic history' accesskey='h'><span class='twikiAccessKey'>H</span>istory</a></span>: r1</span><span class='twikiSeparator'> | </span><span><a href='/bin/oops/Main/2029658?template=backlinksweb' rel='nofollow' title='Search the Main Web for topics that link to here' accesskey='b'><span class='twikiAccessKey'>B</span>acklinks</a></span><span class='twikiSeparator'> | </span><span><a href='/bin/view/Main/2029658?raw=on' rel='nofollow' title='View raw text without formatting' accesskey='r'><span class='twikiAccessKey'>R</span>aw View</a></span><span class='twikiSeparator'> | </span><span><a href='https://doc.emergingthreats.net/bin/edit/Main/2029658?t=1614377853;nowysiwyg=0' rel='nofollow' title='WYSIWYG editor' accesskey='w'>WYSIWYG</a></span><span class='twikiSeparator'> | </span><span><a href='/bin/oops/Main/2029658?template=oopsmore¶m1=1¶m2=1' rel='nofollow' title='Delete or rename this topic; set parent topic; view and compare revisions' accesskey='m'><span class='twikiAccessKey'>M</span>ore topic actions</a></span></span></div><!--/patternTopicAction--></div><!--/patternTopicActions-->
<div class="patternInfo twikiGrayText"><div class="patternRevInfo">Topic revision: r1 - 2020-11-10 <a href="https://doc.emergingthreats.net/bin/edit/Main/2029658?nowysiwyg=1614377853" target="_top">-</a> <a class="twikiLink" href="/bin/view/Main/TWikiGuest">TWikiGuest</a></div><!-- /patternRevInfo--></div><!-- /patternInfo-->
</div><!-- /patternMainContents-->
</div><!-- /patternMain--><div id="patternLeftBar"><div id="patternClearHeaderLeft"></div>
<div id="patternLeftBarContents"><div class="patternWebIndicator"> <ul>
<li> <a class="twikiCurrentWebHomeLink twikiLink" href="/bin/view/Main/WebHome"><img src="/pub/TWiki/TWikiDocGraphics/web-bg-small.gif" width="13" height="13" alt="Web background" title="Web background" border="0" /> Main</a>
</li></ul>
</div>
<div class="patternLeftBarPersonal">
<ul><li class="patternLogIn"><a href="/bin/login/Main/2029658?origurl=/bin/view/Main/2029658">Log In</a> </li></ul>
</div><!--/patternLeftBarPersonal-->
<p /> <ul>
<li> <b><a class="twikiCurrentWebHomeLink twikiLink" href="/bin/view/Main/WebHome"> <img src="/pub/TWiki/TWikiDocGraphics/home.gif" width="16" height="16" alt="Home" title="Home" border="0" /> Main Web</a></b>
</li> <li> <a href="/bin/view/Main/WebTopicCreator?parent=2029658" target="_top"> <img src="/pub/TWiki/TWikiDocGraphics/newtopic.gif" width="16" height="16" alt="New topic" title="New topic" border="0" /> Create New Topic</a>
</li> <li> <a class="twikiLink" href="/bin/view/Main/WebTopicList"> <img src="/pub/TWiki/TWikiDocGraphics/index.gif" width="16" height="16" alt="Index" title="Index" border="0" /> Index</a>
</li> <li> <a class="twikiLink" href="/bin/view/Main/WebSearch"> <img src="/pub/TWiki/TWikiDocGraphics/searchtopic.gif" width="16" height="16" alt="Search topic" title="Search topic" border="0" /> Search</a>
</li> <li> <a class="twikiLink" href="/bin/view/Main/RuleChanges"> <img src="/pub/TWiki/TWikiDocGraphics/changes.gif" width="16" height="16" alt="Changes" title="Changes" border="0" /> Changes</a>
</li> <li> <a class="twikiLink" href="/bin/view/Main/WebPreferences"> <img src="/pub/TWiki/TWikiDocGraphics/wrench.gif" width="16" height="16" alt="Wrench, tools" title="Wrench, tools" border="0" /> Preferences</a>
</li></ul>
<p /> <ul>
<li> <b>User Reference</b>
</li> <li> <a href="http://doc.emergingthreats.net/bin/view/TWiki/ATasteOfTWiki" target="_top">ATasteOfTWiki</a>
</li> <li> <a href="http://doc.emergingthreats.net/bin/view/TWiki/TextFormattingRules" target="_top">TextFormattingRules</a>
</li></ul>
<p />
<p /> <ul>
<li> <b>Signature Reference</b>
</li> <li> <a class="twikiLink" href="/bin/view/Main/WebRss">WebRss</a> Feed
</li> <li> <a class="twikiLink" href="/bin/view/Main/EmergingFAQ">EmergingFAQ</a>
</li></ul>
<p />
<p />
</div><!-- /patternLeftBarContents--></div><!-- /patternLeftBar-->
</div><!-- /patternFloatWrap-->
<div class="clear"> </div>
</div><!-- /patternOuter--></div><!-- /patternWrapper--><div id="patternTopBar"><div id="patternTopBarContents"><table border="0" cellpadding="0" cellspacing="0" style="width:100%; margin-top:12px;">
<tr><td valign="middle"><span id="twikiLogo" class="twikiImage"><a href="https://doc.emergingthreats.net"><img src="https://doc.emergingthreats.net/logo.png" border="0" alt="Emerging Threats" style="border:none;" /></a></span></td>
<td align="right" valign="top" class="patternMetaMenu">
<ul>
<li> <form name="jumpForm" action="/bin/view/Main/2029658"><input id="jumpFormField" type="text" class="twikiInputField" name="topic" value="" size="18" /><noscript> <input type="submit" class="twikiButton" size="5" name="submit" value="Jump" /> </noscript> </form>
</li> <li> <form name="quickSearchForm" action="/bin/view/Main/WebSearch"><input type="text" class="twikiInputField" id="quickSearchBox" name="search" value="" size="18" /><input type="hidden" name="scope" value="all" /><input type="hidden" name="web" value="Main" /><noscript> <input type="submit" size="5" class="twikiButton" name="submit" value="Search" /> </noscript> </form>
</li> <li>
</li></ul>
</td></tr></table></div></div><!-- /patternTopBar--><div id="patternBottomBar"><div id="patternBottomBarContents"><div id="patternWebBottomBar"><div class="twikiCopyright"><span class="twikiRight"> <a href="http://twiki.org/"><img src="/pub/TWiki/TWikiLogos/T-badge-88x31.gif" alt="This site is powered by the TWiki collaboration platform" width="88" height="31" title="This site is powered by the TWiki collaboration platform" border="0" /></a></span><span class="twikiRight" style="padding:0 10px 0 10px"> <a href="http://www.perl.org/"><img src="/pub/TWiki/TWikiLogos/perl-logo-88x31.gif" alt="Powered by Perl" width="88" height="31" title="Powered by Perl" border="0" /></a></span><span class="twikiRight"> <a href="http://twiki.org/"><img src="/pub/TWiki/TWikiLogos/T-logo-80x15.gif" alt="This site is powered by the TWiki collaboration platform" width="80" height="15" title="This site is powered by the TWiki collaboration platform" border="0" /></a></span>Copyright © Emerging Threats <br /></div><!--/patternWebBottomBar--></div><!-- /patternBottomBarContents--></div><!-- /patternBottomBar-->
</div><!-- /patternPage-->
</div><!-- /patternPageShadow-->
</div><!-- /patternScreen-->
</body></html> 
