alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Dialer.MC(vf) HTTP Request - Checkin"; flow:established,to_server; http.uri; content:".php?"; content:"mode="; content:"&PartID="; content:"&mac="; http.user_agent; content:"Mozilla/3.0 (compatible|3b 20|Indy Library)"; depth:38; endswith; classtype:command-and-control; sid:2007913; rev:9; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_10_13;)