Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Zeus GET Request to CnC"; flow:established,to_server; content:"GET"; http_method; content:"HTTP/1.1|0D 0A|Accept|3a| */*|0D 0A|User-Agent|3a|"; content:!"Content-Type|3a| "; http_header; content:"|0d 0a|Content-Length|3a| "; content:!"0"; within:1; content:"Connection|3a| Keep-Alive|0D 0A|Cache-Control|3a| no-cache|0D 0A 0D 0A|"; classtype:command-and-control; sid:2011817; rev:4; metadata:created_at 2010_10_14, signature_severity Unknown, updated_at 2020_08_20;)