alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE URI Struct Observed in Pawn Storm CVE-2015-2950"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/?p2="; content:"&recr="; distance:0; fast_pattern; content:"&p3="; distance:0; content:"&as="; distance:0; content:"&c="; distance:0; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/; classtype:trojan-activity; sid:2021560; rev:3; metadata:created_at 2015_07_31, cve CVE_2015_2950, signature_severity Major, updated_at 2020_05_29;)