
Summary
This rule identifies potentially malicious email messages by matching their subject lines against a specific bracketed pattern. It fires when the subject contains a square-bracketed token ('[' ... ']') in which the first two characters inside the brackets are identical, followed by a numeric sequence and a structured tracking identifier. Using a regular expression keeps the detection focused on messages that exhibit exactly this pattern, which is commonly seen in credential phishing attempts. The rule thereby flags messages that are likely part of automated phishing campaigns, and helps recognize the impersonation tactics and evasion techniques attackers commonly use. The severity of this detection is 'high' because of the risk that such phishing attacks pose to sensitive user credentials.
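As an added illustration, not the rule's own regex (which this page does not reproduce), the following Python approximates the described subject check and runs it over constructed sample subjects. The exact shape of the "structured tracking identifier" is an assumption here, taken to be one or more hyphen-joined alphanumeric segments.

```python
import re
from typing import List, Optional

# Assumed approximation of the rule's pattern (the page does not give the real regex):
#   \[               opening bracket
#   ([^\s\]])\1      first two characters inside the brackets are identical
#   \d+              a numeric sequence
#   -SEG(-SEG)*      assumed "structured tracking identifier": hyphen-joined alphanumeric segments
#   \]               closing bracket
SUBJECT_PATTERN = re.compile(
    r"\[([^\s\]])\1\d+-[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*\]"
)


def extract_bracket_tag(subject: str) -> Optional[str]:
    """Return the suspicious bracketed token from a subject line, or None if absent."""
    match = SUBJECT_PATTERN.search(subject)
    return match.group(0) if match else None


def is_suspicious_subject(subject: str) -> bool:
    """True when the subject carries the bracketed pattern this rule looks for."""
    return extract_bracket_tag(subject) is not None


def flag_subjects(subjects: List[str]) -> List[str]:
    """Filter a batch of subject lines down to those that trigger the rule."""
    return [s for s in subjects if is_suspicious_subject(s)]


# Constructed sample subjects for demonstration; none are real messages.
SAMPLE_SUBJECTS = [
    "[AA48213-TRK-7F3C] Action required: verify your account",  # matches
    "[zz7-REF] Mailbox storage almost full",                     # matches
    "[Ticket 48213] Your order has shipped",                     # no repeated leading pair
    "[XY10001-ID-22] Password reset",                            # first two characters differ
    "Re: quarterly report",                                      # no brackets at all
]

if __name__ == "__main__":
    for subject in SAMPLE_SUBJECTS:
        tag = extract_bracket_tag(subject)
        print(f"{'FLAG' if tag else '  ok'}  {subject!r}  tag={tag}")
```

The pattern is deliberately narrow; tuning the identifier segment to the tracking format seen in your own mail flow is the main knob for balancing false positives against coverage.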
Categories
- Endpoint
- Web
- Identity Management
- Cloud
- Application
Data Sources
- User Account
- Application Log
- Network Traffic
Created: 2026-01-13