alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Observed UAC-0050 CnC Activity"; flow:established,to_server; content:"|00 00 00 07 00 00 00 03 00 01 12 7e 00 00 00 01 2d 2d 0d 0a 00 00 00 40|"; startswith; reference:url,cert.gov.ua/article/6281202; classtype:command-and-control; sid:2057171; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_10_31, deployment Perimeter, confidence High, signature_severity Critical, tag UAC_0050, updated_at 2024_10_31;)