alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Jasmin Ransomware Panel Activity (Response)"; flow:established,to_client; file.data; content:"content=|22|3|3b|url=login.php|22 20 2f 3e|"; content:"<title>Jasmin Dashboard</title>"; fast_pattern; content:"<span class=|22|text|22 3e 20|Jasmin Dashboard</span>"; reference:url,github.com/codesiddhant/Jasmin-Ransomware/; classtype:trojan-activity; sid:2045123; rev:2; metadata:attack_target Client_Endpoint, created_at 2023_04_21, deployment Perimeter, performance_impact Low, confidence High, signature_severity Minor, updated_at 2023_04_26; target:dest_ip;)