Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE HB_Banker16 Get"; flow:to_server,established; http.method; content:"GET"; http.header; content:"Content-Type|3a 20|text/html|0d 0a|Host|3a|"; depth:30; fast_pattern; content:!"Indy Library"; http.user_agent; content:"Firefox/12.0"; http.header_names; content:"|0d 0a|Content-Type|0d 0a|Host|0d 0a|Accept|0d 0a|User-Agent|0d 0a 0d 0a|"; depth:44; endswith; classtype:trojan-activity; sid:2019608; rev:6; metadata:created_at 2014_10_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_28;)