alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"|fc 48 83 e4 f0 eb 33 5d 8b 45 00 48 83 c5 04 8b|"; startswith; fast_pattern; reference:md5,a133c9d87aa58e8cb1a6c0f413bf5dbd; reference:url,github.com/giMini/PowerMemory/blob/master/PowerProcess/Inject-ShellCodeInProcess.ps1; reference:url,cisa.gov/uscert/ncas/alerts/aa21-265a; classtype:trojan-activity; sid:2035442; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_03_11, deployment Perimeter, malware_family Cobalt_Strike, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_03_11, reviewed_at 2023_10_16;)