alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Redline Stealer TCP CnC Activity"; flow:established,to_server; dsize:<60; content:"|00 01 00 01 02 02 21|net|2e|tcp|3a 2f 2f|"; startswith; fast_pattern; content:"|2f 03 08 0c|"; endswith; reference:md5,b8c2aef5c38e827a7773c2efd0cfe310; reference:url,twitter.com/crep1x/status/1666132533912776725; classtype:trojan-activity; sid:2046104; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2023_06_06, deployment Perimeter, malware_family Redline, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_06_06;)