alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Sisproc"; flow:established,to_server; content:"/page_"; content:"Cookie|3a 20|XX=0|3b 20|BX=0"; reference:url,www.fireeye.com/blog/technical/malware-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html; reference:md5,aaf73666cbd750ed22b80ed836d2b1e4; classtype:trojan-activity; sid:2018320; rev:3; metadata:created_at 2014_03_26, malware_family Win32_Sisproc, signature_severity Major, updated_at 2019_07_26;)