alert http $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Strela Stealer CnC Activity"; flow:established,to_server; urilen:7; http.uri; content:"/up.php"; fast_pattern; http.host; pcre:"/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/"; classtype:command-and-control; sid:2057722; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_11_19, deployment Perimeter, malware_family StrelaStealer, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_19;)