Versions (5)
Version Details: Current
Rev: 1 • Apr 30, 2021, 12:00 PM
ET MALWARE Buer - DomainInfo User-Agent
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Buer - DomainInfo User-Agent"; flow:established,to_server; http.user_agent; content:"|6e 71 71 66 34 3a 33 35 25 2d 46 75 75 71 6a 32 6e 55 6d 74 73 6a 3c 48 37 34 36 37 35 37 33 39 3b 3b 40 25 5a 40 25 48 55 5a 25 71 6e 70 6a 25 52 66 68 25 54 58 25 5d 40 25 6a 73 2e 25 46 75 75 71 6a 5c 6a 67 50 6e 79 34 39 37 35 30 25 2d 50 4d 59 52 51 31 25 71 6e 70 6a 25 4c 6a 68 70 74 2e 25 5b 6a 77 78 6e 74 73 34 38 33 35 25 52 74 67 6e 71 6a 34 36 46 3a 39 38 25 58 66 6b 66 77 6e 34 39 36 3e 33 38|"; reference:md5,0731679c5f99e8ee65d8b29a3cabfc6b; classtype:trojan-activity; sid:2032892; rev:1; metadata:created_at 2021_04_30, malware_family Buer, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_04_30;)
Apr 30, 2021, 12:00 PM
Apr 30, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 12, 2025, 9:34 PM
rules/emerging-malware.rules