alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET DELETED Known Fraudulent SSL Certificate"; flow:established,from_server; content:"|7a 13 4e 00 74 5b c6 78 63 64 27 c1 2f e2 a0 5b bc 79 c5 7b|"; content:"sef1941@gmail.com"; within:250; reference:url,contagiodump.blogspot.com/2011/06/jun-22-cve-2011-0611-pdf-swf-fruits-of.html; classtype:misc-activity; sid:2013223; rev:2; metadata:attack_target Client_Endpoint, created_at 2011_07_06, deployment Perimeter, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2019_07_26;)