""ET CURRENT_EVENTS Ping Identity Landing Page 2022-03-14""

SID: 2035454

Revision: 2

Class Type: trojan-activity

Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_03_14, deployment Perimeter, signature_severity Major, updated_at 2022_03_14

Reference:

  • md5

  • 391dd3f15f5520a3bbfc654dbb3a4ac6

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

  • Value: "200"

  • Value: ""

  • Value: ""

  • Value: ""

  • Value: "Log in"

  • Value: "|24 2e|ajax"

  • Value: "type|20 3a 20 27|POST|27 2c|"

  • Value: "url|20 3a 20 27|files|2f|action|2e|php|3f|type|3d|login|27 2c|"

  • Value: "data|20 3a 20 24 28 27 23|loginForm|27 29 2e|serialize|28 29 2c|"

  • Value: "location|2e|href|20 3d 20 22|Loading|2e|php|22|"

  • Value: "Ping Identity Corporation"

Within:

PCRE:

Special Options:

  • http_stat_code

  • file_data

source