Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE ConstructorWin32/Agent.V"; flow:to_server,established; http.header; content:"|0d 0a|Pragma|3a 20|no-catch|0d 0a|"; http.request_line; content:"GET http://"; depth:11; http.content_len; byte_test:0,=,0,0,string,dec; http.header_names; content:"X-HOST|0d 0a|"; reference:md5,3305ad96bcfd3a406dc9daa31e538902; classtype:trojan-activity; sid:2014643; rev:10; metadata:created_at 2012_04_26, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_09;)