Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Adobe PDF Zero Day Trojan.666 Payload libarext32.dll Second Stage Download POST"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/index.php"; http.request_body; content:"lbarext32.blb"; reference:url,blog.fireeye.com/research/2013/02/the-number-of-the-beast.html; classtype:trojan-activity; sid:2016410; rev:4; metadata:created_at 2013_02_15, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_23;)