Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Bamital Checkin"; flow:established,to_server; http.method; content:"GET"; http.uri; pcre:"/^\/[a-z0-9.&-]+(?:[a-z0-9]{4}-){3}[a-z0-9.&+-]+$/i"; http.user_agent; content:"Mozilla/5.0 (compatible|3b 20|MSIE 9.0|3b 20|Windows NT 6.1|3b 20|WOW64|3b 20|Trident/5.0)"; fast_pattern; http.header_names; content:!"Referer"; content:!"Accept-"; classtype:command-and-control; sid:2019756; rev:5; metadata:created_at 2014_11_20, signature_severity Major, updated_at 2020_08_17;)