alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Observed Malicious User-Agent (CobaltStrike)"; flow:to_server,established; http.user_agent; content:"Mozilla/5.0_Frsg_stredf_o21_crown_type"; startswith; fast_pattern; reference:md5,b8b7a10dcc0dad157191620b5d4e5312; classtype:trojan-activity; sid:2035537; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_03_18, deployment Perimeter, malware_family Cobalt_Strike, confidence High, signature_severity Major, updated_at 2022_03_18, reviewed_at 2024_05_07, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1001, mitre_technique_name Data_Obfuscation;)