alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Trustezeb Checkin to CnC"; flow:established,to_server; http.uri; content:".php?id="; content:"&stat="; fast_pattern; distance:0; pcre:"/id=[A-F0-9]{20}/"; http.user_agent; content:"Mozilla/4.0 (compatible|3b 20|MSIE 6.0b|3b 20|Windows NT 5.0|3b 20|.NET CLR 1.0.2914)"; startswith; reference:url,www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=417; classtype:command-and-control; sid:2014283; rev:4; metadata:created_at 2012_02_24, signature_severity Major, updated_at 2020_04_21;)