alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Fake Chrome Update Landing Page Redirect to Payload (2023-10-26)"; flow:established,to_server; urilen:9; http.method; content:"GET"; http.uri; content:"/get.html"; fast_pattern; http.host; content:"chromium"; http.header_names; content:"Referer|0d 0a|"; reference:md5,98d6fd9e8155d03d9d96ccc70252f1b3; reference:url,twitter.com/g0njxa/status/1713919587996057847; classtype:trojan-activity; sid:2048570; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_10_16, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag compromised_website, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_10_16, reviewed_at 2023_10_16;)