alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Xaview Stealer Admin Panel Inbound"; flow:established,to_client; http.response_body; content:"|3c|title|3e|Xaview|20|Stealer|3c 2f|title|3e|"; fast_pattern; content:"/xaview.ico"; reference:url,twitter.com/Yeti_Sec/status/1638538133254881280; classtype:trojan-activity; sid:2044738; rev:2; metadata:attack_target Client_Endpoint, created_at 2023_03_22, deployment Perimeter, deployment SSLDecrypt, deprecation_reason Relevance, malware_family Xaview, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_11_17, reviewed_at 2023_11_17;)