Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor.Win32/Dervec.gen Connectivity Check to Google"; flow:established,to_server; content:"|00 00 00 00 00 00 00 00 00 00|"; offset:35; depth:10; http.header; content:"HOST|3a 20|www.google.com|0d 0a|"; depth:22; fast_pattern; reference:md5,5eaae2d6a4b5d338b83ea5d97af93672; classtype:trojan-activity; sid:2019129; rev:12; metadata:created_at 2012_06_12, confidence Medium, signature_severity Major, updated_at 2020_11_03;)