""ET CURRENT_EVENTS Nedbank Phishing Landing Page 2022-06-22""
SID: 2037101
Revision: 1
Class Type: trojan-activity
Metadata: attack_target Client_Endpoint, created_at 2022_06_23, deployment Perimeter, signature_severity Major, updated_at 2022_06_23, reviewed_at 2024_06_28
Reference:
-
md5
-
fea7f8afb1702315f20a90968dc8c191
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "200"
-
Value: "Access-Control-Allow-Origin|3a 20|"
-
Value: "Access-Control-Allow-Methods|3a 20|"
-
Value: "Access-Control-Allow-Headers|3a 20|"
-
Value: "|3c 21|DOCTYPE html|3e 0d 0a 3c 21 2d 2d 20|saved from url|3d 28|0042|29|https|3a 2f 2f|secured|2e|nedbank|2e|co|2e|za|2f 20 2d 2d 3e|" Depth: 77
-
Value: "|3c 21 2d 2d 20|base|20|href|3d 22|https|3a 2f 2f|secured|2e|nedbank|2e|co|2e|za|2f 22 20 2d 2d 3e|"
Within:
PCRE:
Special Options:
-
http_stat_code
-
http_header
-
http_header
-
http_header
-
file_data