Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Linux/Torte Checkin"; flow:established,to_server; http.uri; content:"/logo.gif?sessd="; fast_pattern; content:"&sessc="; content:"&sessk="; distance:0; http.header; pcre:"/^(?:zh-CN|en-US)\x3b rv\x3a1\.7\.6\)\r\n/R"; http.user_agent; content:"Mozilla/5.0 (Windows|3b 20|U|3b 20|Windows NT 5.1|3b 20|"; startswith; reference:url,blog.malwaremustdie.org/2016/01/mmd-0050-2016-incident-report-elf.html; classtype:command-and-control; sid:2022358; rev:5; metadata:created_at 2016_01_13, confidence High, signature_severity Major, updated_at 2020_10_05;)