alert tcp $HOME_NET any -> $EXTERNAL_NET [8000,8080] (msg:"MALWARE-CNC Win.Trojan.Wiper variant outbound connection"; flow:to_server,established; dsize:42; content:"(|00|"; depth:2; content:"|04 00 00 00|"; within:4; distance:36; metadata:impact_flag red, policy security-ips drop; reference:url,virustotal.com/en/file/e2ecec43da974db02f624ecadc94baf1d21fd1a5c4990c15863bb9929f781a0a/analysis/; classtype:trojan-activity; sid:32674; rev:2;)