alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET MALWARE Upatre SSL Compromised site kionic"; flow:established,to_client; content:"|55 04 03|"; content:"|0a|kionic.com"; distance:1; within:11; nocase; reference:url,blog.malwaremustdie.org/2014/04/upatre-downloading-gmo-is-back-to-ssl.html; classtype:trojan-activity; sid:2018351; rev:2; metadata:created_at 2014_04_03, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)