alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Nitol.A Checkin M2"; flow:from_client,established; dsize:260; content:"MB|00 00|"; content:"Windows|20|"; distance:0; content:"V1.0|00 00|"; offset:180; fast_pattern; reference:md5,b9096b87cf643c5f86789d995e9e773d; classtype:command-and-control; sid:2020222; rev:1; metadata:created_at 2015_01_21, malware_family Win32_Nitol_A, signature_severity Major, updated_at 2023_01_11;)