alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Miuref/Boaxxe Checkin"; flow:to_server,established; http.method; content:"POST"; nocase; http.header_names; content:!"Referer|0d 0a|"; http.request_body; content:"bB"; offset:2; depth:2; content:"MqrU"; within:20; content:"VAMU"; within:29; fast_pattern; reference:md5,79d1c8c33062324388d3d563f193a43b; reference:md5,ee3c562151cc9181c6d87602bbf0a285; reference:md5,a42797315c50e335f3de87f6cea61b77; classtype:command-and-control; sid:2019683; rev:7; metadata:created_at 2014_11_08, signature_severity Major, updated_at 2020_05_13;)