alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE FrauDrop Checkin"; flow:established,to_server; http.uri; content:".asp?sn="; fast_pattern; content:"&tmac="; distance:0; content:"&action="; distance:0; content:"&ver="; distance:0; http.header; content:"Cache-Control|30 20|no-cache|0d 0a|"; http.header_names; content:"|0d 0a|User-Agent|0d 0a|Host|0d 0a|Cache-Control|0d 0a|"; reference:md5,0442e9d036a40c8cbd41f8f4c9afab1b; classtype:command-and-control; sid:2021103; rev:4; metadata:created_at 2015_05_15, signature_severity Major, updated_at 2024_03_10;)