alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Saker UA"; flow:established,to_server; http.user_agent; content:"Mozilla/"; depth:8; content:"|20|MSIE|20|"; distance:0; content:"|3b 20|Wis NT|20|"; distance:0; fast_pattern; content:"|3b 20|.NET CLR|20|"; distance:0; reference:url,www.fireeye.com/blog/technical/malware-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html; reference:md5,b362f833c9d6e5bed19aeec5a5b868ea; classtype:trojan-activity; sid:2018321; rev:8; metadata:created_at 2014_03_26, deprecation_reason Age, signature_severity Major, updated_at 2024_02_21, reviewed_at 2024_02_21;)