Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Trojan.JS.Agent.dwz Checkin"; flow:established,to_server; http.request_body; content:!"|00|"; content:"|61 3d|"; depth:2; fast_pattern; byte_extract:2,12,byte0,relative; byte_test:2,=,byte0,30,relative; isdataat:!33,relative; http.header_names; content:!"Referer|0d 0a|"; reference:md5,f886dbf6bd47a0a015ef40fc2bed03a2; classtype:command-and-control; sid:2024848; rev:3; metadata:attack_target Client_Endpoint, created_at 2017_10_17, deployment Perimeter, performance_impact Moderate, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_13;)