alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MSIL/DataMilk Stealer Communicating with CnC"; flow:established,to_server; content:"net|2e|tcp"; depth:15; content:"|2f|IModuleGetter"; within:40; fast_pattern; reference:url,app.any.run/tasks/f435d89d-30a5-465b-8a8d-b7a042665e0e; classtype:command-and-control; sid:2027112; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2019_03_25, deployment Perimeter, malware_family DataMilk, performance_impact Low, confidence High, signature_severity Major, tag Stealer, updated_at 2020_08_19;)