alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE METALJACK APT32 CnC Host Checkin"; flow:established,to_server; http.uri; content:".png?CN="; fast_pattern; content:"&UN="; distance:0; content:"&C="; distance:0; reference:url,www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html; reference:md5,d739f10933c11bd6bd9677f91893986c; classtype:targeted-activity; sid:2029997; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2020_04_23, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_23;)