""ET CURRENT_EVENTS Generic Phishing Landing M2 2018-01-29""
SID: 2025261
Revision: 2
Class Type: bad-unknown
Metadata: affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2018_01_29, deployment Perimeter, signature_severity Minor, tag Phishing, updated_at 2018_01_29
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "background|3a 20|#3baee7|3b|"
-
Value: "-webkit-linear-gradient(top, #3baee7, #08c)"
-
Value: "text-shadow|3a 20|1px 1px 3px #666666"
-
Value: "background|3a 20|#3cb0fd|3b|"
-
Value: "-webkit-linear-gradient(top, #3cb0fd, #3498db)"
-
Value: ".dark {"
-
Value: "color|3a 20|#525252|3b|"
-
Value: ".dark-select {"
-
Value: "background|3a 20|#DFDFDF url('down-arrow.png')"
Within:
PCRE:
Special Options:
-
file_data
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
fast_pattern