Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Best Pack Exploit Pack Binary Load Request"; flow:established,to_server; content:".php?e="; http_uri; content:"&o="; http_uri; content:"&b="; http_uri; content:"&id="; http_uri; pcre:"/\.php\?e=\d+&o=\w+&b=\w+&id=[0-9a-f]{32}$/U"; reference:url,www.kahusecurity.com/2011/best-pack/; classtype:bad-unknown; sid:2013489; rev:3; metadata:created_at 2011_08_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)