alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible Bedep Connectivity Check"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/stats/eurofxref/eurofxref-hist-90d.xml?"; fast_pattern; pcre:"/\?[a-z0-9]{32}$/"; http.host; content:"www.ecb.europa.eu"; bsize:17; classtype:trojan-activity; sid:2019400; rev:7; metadata:created_at 2014_10_15, deprecation_reason Relevance, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_21, reviewed_at 2024_03_21;)