alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Suspected APT34 Related SSD Backdoor Activity (POST)"; flow:established,to_server; flowbits:set,ET.ssdbackdoor; http.method; content:"POST"; http.uri; content:"woxhuosbgpgcnlqzxipa"; fast_pattern; nocase; reference:url,research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/; classtype:trojan-activity; sid:2049047; rev:1; metadata:attack_target Web_Server, created_at 2023_11_02, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_11_02, reviewed_at 2023_11_02; target:dest_ip;)