Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Badoo Phishing Landing 2018-07-19"; flow:established,from_server; file_data; content:"<title>Sign in to Badoo</title>"; fast_pattern; content:"<label for=|22|emaill"; distance:0; pcre:"/^\d{5,20}\x22/QR"; content:"<label for=|22|password"; pcre:"/^\d{5,20}\x22/QR"; content:">Password</label>"; within:40; content:">Sign me in!</span>"; distance:0; classtype:social-engineering; sid:2025870; rev:3; metadata:attack_target Client_Endpoint, created_at 2018_07_19, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Minor, tag Phish, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_19;)