alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Bitter APT AlmondRAT CnC Checkin"; dsize:<150; flow:established,to_server; content:"|00 2a 00|"; pcre:"/^(?:[A-F0-9]\x00){12}/R"; content:"|2a 00|W|00|i|00|n|00|d|00|o|00|w|00|s|00 20 00|"; fast_pattern; reference:url,www.secuinfra.com/en/techtalk/whatever-floats-your-boat-bitter-apt-continues-to-target-bangladesh; classtype:trojan-activity; sid:2037717; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2022_07_07, deployment Perimeter, malware_family AlmondRAT, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_07_07;)