Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING GitLab Phishing Landing 2018-07-19"; flow:established,from_server; file_data; content:"<title>Sign in|20 c2 b7 20|GitLab</title>"; fast_pattern; content:"|20|action=|22|login.php|22 20|"; distance:0; content:"|20|name=|22|username|22 20|"; distance:0; content:"type=|22|password|22|"; distance:0; content:"|20|name=|22|password|22 20|"; within:17; classtype:social-engineering; sid:2025871; rev:2; metadata:attack_target Client_Endpoint, created_at 2018_07_19, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Minor, tag Phish, updated_at 2020_08_19;)