alert tcp $EXTERNAL_NET any -> $HOME_NET [135:139,445,1025] (msg:"E2[rb] SHELLCODE x86 inc ebx NOOP"; content:"CCCCCCCCCCCCCCCCCCCCCCCC"; classtype:shellcode-detect; sid:299998; rev:1;)
alert ip $EXTERNAL_NET $SHELLCODE_PORTS -> $HOME_NET any (msg:"E2[rb] REGISTERED FREE SHELLCODE x86 inc ebx NOOP"; content:"CCCCCCCCCCCCCCCCCCCCCCCC"; classtype:shellcode-detect; sid:21390; rev:5;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"E3[rb]  BotHunter MALWARE executable upload"; flow:established,to_server; content:"ftp"; content: "echo"; content: ".exe"; nocase; classtype: misc-activity; sid:3000006; rev:99; )
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"E3[rb] ET ATTACK RESPONSE Unusual FTP Server Banner on High Port (StnyFtpd)"; flow:established,from_server; dsize:<30; content:"220 StnyFtpd"; depth:12; offset:0; nocase; classtype:trojan-activity; tag:session; sid:2007726; rev:2;)
alert tcp $EXTERNAL_NET !20 -> $HOME_NET any (msg:"E3[rb] BLEEDING-EDGE Malware Windows executable sent from remote host";  content: "MZ"; content: "This program cannot be run in DOS mode"; flow: established; sid:2001683; rev:3;)
alert tcp $EXTERNAL_NET !20 -> $HOME_NET any (msg:"E3[rb] BotHunter Malware Windows executable (PE) sent from remote host";  content: "MZ"; content: "PE|00 00|"; within:250; flow: established; sid:5001684; rev:99;)