Rule History

alert http any any -> any any (msg: "SPYWARE [PTsecurity] Metamorfo"; flow: established, to_server; content: "POST"; http_method; content: ".php"; http_uri; content: "Connection: keep-alive"; http_header; depth: 23; content: "Content-Type: application/x-www-form-urlencoded"; http_header; distance: 0; content: "Content-Length: "; http_header; distance: 0; content: "Host: "; http_header; distance: 0; content: "Accept: text/html,application/xhtml+xml,application/xml|3b|q="; http_header; distance: 0; content: "Host="; fast_pattern; http_client_body; depth: 5; content: !"Referer|3a|"; http_header; reference: url, https://app.any.run/tasks/7f89b953-a4fd-4a53-a957-1c83ddf1b1d2; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10010035; rev: 1;)