alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING Successful ING Banking Credential Phish 2022-12-12"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"name=|22|fName|22|"; distance:0; content:"name=|22|lName|22|"; distance:0; content:"name=|22|telepin|22|"; distance:0; content:"name=|22|telepinV|22|"; distance:0; fast_pattern; content:"name=|22|dob|22|"; distance:0; content:"name=|22|numberID|22|"; distance:0; reference:md5,6a1c9d34c63f22af42fc21f9e3ca6f82; classtype:credential-theft; sid:2042661; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_12_12, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_01_31;)