""ET CURRENT_EVENTS GitLab Phishing Landing 2018-07-19""
SID: 2025871
Revision: 2
Class Type: trojan-activity
Metadata: attack_target Client_Endpoint, created_at 2018_07_19, deployment Perimeter, performance_impact Low, signature_severity Minor, tag Phish, updated_at 2018_07_19
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
-
Value: "
Sign in|20 c2 b7 20|GitLab " -
Value: "|20|action=|22|login.php|22 20|"
-
Value: "|20|name=|22|username|22 20|"
-
Value: "type=|22|password|22|"
-
Value: "|20|name=|22|password|22 20|"
Within: 17
PCRE:
Special Options:
-
file_data
-
fast_pattern