ET MALWARE Win32/TA402 CnC Response M1
Source: et/open
Created: August 16, 2023
Updated: November 13, 2023
Classification: trojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Win32/TA402 CnC Response M1"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"|0a 3c|html|3e 0a 3c|head|3e 3c|title|3e 20|Response|20 3c 2f|title|3e 3c 2f|head|3e 0a 3c|body|3e 3c|code|20|id|3d 22|code|22 3e|"; startswith; fast_pattern; classtype:trojan-activity; sid:2049154; rev:1; metadata:attack_target Client_and_Server, created_at 2023_08_16, deployment Perimeter, deployment SSLDecrypt, malware_family Win32_TA402, performance_impact Low, confidence High, signature_severity Critical, tag TA402, updated_at 2023_11_13, reviewed_at 2023_08_16, former_sid 2855110; target:src_ip;)
Metadata
attack target: Client_and_Server
created at: 2023_08_16
deployment: SSLDecrypt
malware family: Win32_TA402
performance impact: Low
confidence: High
signature severity: Critical
tag: TA402
updated at: 2023_11_13
reviewed at: 2023_08_16
former sid: 2855110