""ET CURRENT_EVENTS BT Group Credential Phish Landing Page 2022-07-01""

SID: 2037254

Revision: 1

Class Type: trojan-activity

Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_07_01, deployment Perimeter, signature_severity Major, updated_at 2022_07_01

Reference:

  • md5

  • 263a4cf0a25e8aa49386fb7b941e95f3

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

  • Value: "200"

  • Value: "sign in"

  • Value: "action|3d 22 2f 2f|www|2e|weebly|2e|com|2f|weebly|2f|apps|2f|formSubmit|2e|php|22|"

  • Value: "BT ID or Email address"

  • Value: "Passw|2a 2a 2a|d"

Within:

PCRE:

Special Options:

  • http_stat_code

  • file_data

  • nocase

  • nocase

source