""ET CURRENT_EVENTS Generic Credential Phish Landing Page M1 2022-09-28""
SID: 2039020
Revision: 1
Class Type: trojan-activity
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_09_28, deployment Perimeter, signature_severity Major, updated_at 2022_10_03
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "200"
-
Value: "We are the resellers of Travel Products & services i.e. hotels, flights deals, car rentals, vacation packages & attractions. We are a travel company associated with travel consolidators and 3rd party travel suppliers. We are neither directly or indirectly associated with any airlines. All prices quoted through us are including of all taxes and fees. The flight search engine used is a third-party tool used for just providing the information, we are not associated with any company available on it"
Within:
PCRE:
Special Options:
-
http_stat_code
-
file_data
-
nocase
-
fast_pattern