ET PHISHING EvilProxy AiTM Cookie Value M2
Sourceet/open
Fileemerging-phishing.rules
CreatedJanuary 17, 2023
UpdatedApril 3, 2024
Classificationsocial-engineering
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING EvilProxy AiTM Cookie Value M2"; flow:established,to_client ; http.server; content:"nginx/"; file.data; content:"|7b 22|statusCode|22 3a 20 22|success|22 2c 20 22|cookieKey|22 3a 20 22|"; startswith; fast_pattern; content:"|22 2c 20 22|cookieDomain|22 3a 20 22|"; distance:4; within:21; content:"|22 2c 20 22|cookieValue|22 3a 20 22|"; distance:0; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})\x22\x7d$/R" ; reference:url,boredhackerblog.info/2022/11/looking-for-evilproxy-notes.html ; classtype:social-engineering; sid:2043332; rev:2; metadata:created_at 2023_01_17, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_03, reviewed_at 2025_10_24;)
Metadata
created at2023_01_17
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_03
reviewed at2025_10_24
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!