Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible Godzilla Loader Base64 Filename"; flow:from_server,established; http.stat_code; content:"200"; http.cookie; content:"|47 4f 44 5a 49 4c 4c 41|"; file.data; content:"<div style=|22|display|3a|none|22 20|id=|22|"; depth:30; fast_pattern; pcre:"/^(?P<id>[a-z])\x22\sname=\x22(?P=id)\x22>[a-zA-Z0-9+/=]{28}/Rsi"; content:"</div>"; within:6; classtype:trojan-activity; sid:2022594; rev:5; metadata:created_at 2016_03_05, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_19;)