alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Spy.Odlanor CnC Checkin"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".php?m="; content:"&v="; distance:0; content:"&os="; distance:0; content:"&c="; distance:0; content:"&u="; distance:0; http.request_body; pcre:"/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i"; http.header_names; content:!"User-Agent|0d 0a|"; content:!"Accept"; content:!"Referer|0d 0a|"; reference:md5,ce19c30ffda76cd63a88eeb8af0340f0; reference:url,welivesecurity.com/2015/09/17/the-trojan-games-odlanor-malware-cheats-at-poker/; classtype:command-and-control; sid:2021800; rev:3; metadata:created_at 2015_09_18, malware_family Win32_Spy_Odlanor, signature_severity Major, updated_at 2020_06_01;)