<div dir="ltr">alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Critx/Flashpack Flash Exploit Request"; flow:established,to_server; content:"POST"; http_method; content:"/imageclass/newgater.php"; http_uri; content:"fvers="; http_client_body; depth:6; classtype:trojan-activity; reference:md5,ce0fa5d811e0735369366b76b1efd07a; sid:123991; rev:1;)<br><br><div>alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Critx/Flashpack Payload Request"; flow:established,to_server; content:"/imageclass/load"; http_uri; content:".php"; http_uri; pcre:"/^\x2Fimageclass\x2Fload[a-z0-9]{5,15}\x2Ephp$/U"; classtype:trojan-activity; reference:md5,cce12efacf5800fb937d40bbf0b0c4b0; sid:123992; rev:1;)<br><br><br>Kind Regards,<br>Kevin Ross<br></div></div>