Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE FortDisco Reporting Status"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/cmd.php"; fast_pattern; endswith; http.user_agent; content:"|3b 20|Synapse"; http.request_body; content:"status="; depth:7; pcre:"/^\d$/R"; http.protocol; content:"HTTP/1.0"; http.header_names; content:"|0d 0a|Host|0d 0a|"; depth:8; reference:url,www.arbornetworks.com/asert/2013/08/fort-disco-bruteforce-campaign/; reference:md5,722a1809bd4fd75743083f3577e1e6a4; classtype:trojan-activity; sid:2017309; rev:6; metadata:created_at 2013_08_12, signature_severity Major, updated_at 2020_10_28;)