Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible Deep Panda User-Agent"; flow:established,to_server; http.header; content:!"Host|3a 20|iecvlist.microsoft.com"; http.user_agent; content:"Mozilla/4.0 |28|compatible|3b 20|MSIE 8.0|3b 20|Windows NT 6.1|3b 20|WOW64|3b 20|Trident/4.0|3b 20|SLCC2|3b 20|.NET CLR 2.0.50727|3b 20|.NET CLR 3.5.30729|3b 20|.NET CLR 3.0.30729|3b 20|Media Center PC 6.0|29 |"; depth:158; endswith; fast_pattern; http.header_names; content:!"Accept"; content:!"Referer|0d 0a|"; reference:md5,5acc539355258122f8cdc7f5c13368e1; classtype:trojan-activity; sid:2020380; rev:6; metadata:created_at 2015_02_06, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2024_04_08;)