alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER WEBSHELL Linux/Torte Uploaded"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"JGVudiA9ICJYRFZTTl9TRVNTSU9OX0NPT0tJR"; fast_pattern; content:"eval(base64_decode($_REQUEST["; reference:url,blog.malwaremustdie.org/2016/01/mmd-0050-2016-incident-report-elf.html; classtype:attempted-admin; sid:2022359; rev:4; metadata:created_at 2016_01_13, signature_severity Major, updated_at 2020_10_05;)