alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Possible Zend Framework Exploit (CVE-2021-3007)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/zend3/public/"; bsize:14; fast_pattern; http.request_body; content:"zend"; nocase; content:"validator"; nocase; distance:0; content:"callback"; nocase; distance:0; content:"file_put_contents"; nocase; reference:url,research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/; reference:cve,2021-3007; classtype:attempted-admin; sid:2031536; rev:1; metadata:created_at 2021_01_22, cve CVE_2021_3007, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_01_22;)