alert http any any -> any any (msg:"LOADER [PTsecurity] Latrodectus"; flow:established, to_server; http.method; content:"POST"; urilen:>7; http.header; content:"User-Agent: Mozilla/5.0 (Windows NT 10.0|3b| Win64|3b| x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"; content:"Connection: Keep-Alive"; content:"Cache-Control: no-cache"; content:!"Referer"; http.request_body; content:"393b03dfe0772d1d5cbdd183c97f7ce6"; depth:32; fast_pattern; reference:url, https://app.any.run/tasks/4081d674-449f-4a16-9710-13f1a6236c3c; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10011642; rev:1;)