alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Winnti CnC Activity (Outbound)"; flow:established,to_server; content:"|38 34 38 39 32 33 4a 4e 4e 57 57 41|"; offset:4; depth:12; reference:url,twitter.com/naumovax/status/1792902386295394629; classtype:trojan-activity; sid:2052804; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_05_21, deployment Perimeter, malware_family Winnti, confidence High, signature_severity Critical, updated_at 2024_05_21;)