Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Dropper Checkin (often scripts.dlv4.com related)"; flow:established,to_server; http.method; content:"GET"; nocase; http.uri; content:"/Common/module.php?"; nocase; content:"brokerid="; nocase; content:"&product="; nocase; content:"&customid="; nocase; content:"&mediaid="; nocase; content:"&no_product_name="; nocase; content:"&extlogin="; nocase; classtype:command-and-control; sid:2010458; rev:11; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_04_21;)