alert tcp $HOME_NET any -> $EXTERNAL_NET [!80,!443] (msg:"ET MALWARE Win32/Numando Banker CnC Activity"; flow:established,to_server; content:"<|7c|>1<|7c|>"; offset:7; content:"<|7c|>Microsoft|20|Windows"; distance:0; content:"<|7c|>0<|7c|>"; distance:0; reference:md5,fec2f560619b88d9846fe03db6841e91; reference:url,www.welivesecurity.com/2021/09/17/numando-latam-banking-trojan/; classtype:trojan-activity; sid:2033983; rev:2; metadata:attack_target Client_Endpoint, created_at 2021_09_17, deployment Perimeter, malware_family Win32_Numando, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_04_18, reviewed_at 2023_08_22;)