alert tcp any any -> $HOME_NET any (msg:"🐾 - Backdoor.BEACON"; flow:from_server; content:"<meta name=\"msvalidate.01\" content=\"ECEE9516DDABFC7CCBBF1EACC04CAC20\">"; content:"<meta name=\"google-site-verification\" content=\"CD5EF1FCB54FE29C838ABCBBE0FA57AE\">"; reference:url,https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html; reference:url,https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-026/; reference:url,https://github.com/fireeye/sunburst_countermeasures; metadata:created_at 2020_12_19, updated_at 2020_12_19; sid:3309603; rev:1; classtype:trojan-activity;)