Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Zollard PHP Exploit UA Outbound"; flow:established,to_server; http.user_agent; content:"Zollard"; nocase; fast_pattern; reference:cve,2012-1823; reference:url,blogs.cisco.com/security/the-internet-of-everything-including-malware/; classtype:trojan-activity; sid:2017825; rev:6; metadata:created_at 2013_12_10, cve CVE_2012_1823, signature_severity Major, updated_at 2020_11_19;)