alert http $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Win32/Atlantida Stealer Sending System Information (POST)"; flow:established,to_server; urilen:1; http.method; content:"POST"; http.content_type; content:"application/x-www-form-urlencoded"; bsize:33; http.header_names; content:"|0d 0a|Content-Type|0d 0a|Host|0d 0a|Content-Length|0d 0a|Expect|0d 0a|Connection|0d 0a 0d 0a|"; http.request_body; content:"<Log>"; startswith; fast_pattern; reference:url,twitter.com/crep1x/status/1626280164547076100; reference:md5,4f8e6f6b2f467fd50baa4af93225142f; reference:md5,4d654ec643ef50f03ee3599db0265602; reference:md5,c6b5bbc3111f1d93c2d42b58948231c2; classtype:trojan-activity; sid:2044290; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_02_22, deployment Perimeter, malware_family Win32_Atlantida, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_02_22; target:src_ip;)