Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Swrort.A Checkin 3"; flow:to_server,established; http.method; content:"GET"; nocase; http.uri; content:".php?/12345"; endswith; http.header_names; content:!"User-Agent|0d 0a|"; content:!"Referer|0d 0a|"; content:"|0d 0a|Host|0d 0a|Connection|0d 0a|Cache-Control|0d 0a 0d 0a|"; startswith; reference:md5,24203ba70f584b64a432fb6dad52765d; classtype:command-and-control; sid:2022186; rev:3; metadata:created_at 2015_11_25, malware_family Win32_Swrort_A, signature_severity Major, updated_at 2020_06_09;)