alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING Base64 Encoded Executable over Raw TCP"; flow:established,to_client; content:"TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; nocase; fast_pattern; startswith; classtype:misc-activity; sid:2051681; rev:1; metadata:attack_target Client_and_Server, tls_state plaintext, created_at 2024_03_18, deployment Perimeter, confidence High, signature_severity Major, updated_at 2024_03_18; target:dest_ip;)