""ET CURRENT_EVENTS Outlook WebApp Phish Landing 2015-11-05""
SID: 2031691
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2015_11_05, updated_at 2015_11_05
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
-
Value: "var translate_dict = {"
-
Value: "VERIFICATION_CODE"
-
Value: "VERIFICATION_CODE_REQUIRED"
-
Value: "NOT_BEGIN_OR_END_WITH_SPACE"
-
Value: "USERNAME_ALL_NUMERIC"
-
Value: "PASSWORDS_DONT_MATCH"
-
Value: "PWD_HINT_REQUIRED"
-
Value: "PASSWORD_MATCHES_USERNAME"
-
Value: "REQUEST_PASSWORD_RESET"
-
Value: "ENTER_VALID_VERIFICATION_CODE"
-
Value: "PASSWORD_MATCH_HINT"
-
Value: "Your work here is done"
-
Value: "Yikes! Something's gone wrong."
Within:
PCRE:
Special Options:
-
file_data
-
nocase
-
nocase
-
fast_pattern
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase