# SID 58944 rev 1: Conti ransom-note text seen in SMB traffic between internal hosts.
#
# Header: TCP from any port on $HOME_NET to port 445 on $HOME_NET. Both sides are
# $HOME_NET, so this only fires on internal (east-west) traffic; the sensor must be
# placed where it can see host-to-host SMB, not only the perimeter.
# flow:to_server,established restricts the match to client-to-server data on an
# established session; service:netbios-ssn ties the rule to that service identification.
#
# Detection: a single content match on the bytes "encrypted by CONTI", case-insensitive
# (nocase), also used as the fast pattern. There is no offset/depth or file-name
# constraint, so the string matches wherever it appears in the inspected payload.
#
# Policy: the metadata marks the rule as drop in the balanced-ips, max-detect-ips and
# security-ips policies and tags it impact_flag red.
# Reference: VirusTotal search for the SHA-256 given in the reference option.
#
# NOTE(review): per the msg, a hit means a readme/ransom note is being written to a
# network share, i.e. encryption is presumably already under way on the source host.
# Treat this as a late-stage indicator and triage the source address first.
# NOTE(review): the msg prefix is MALWARE-CNC, but the traffic matched is internal SMB,
# not command-and-control; keep that in mind when routing or grouping alerts by prefix.
# NOTE(review): the match is on raw single-byte text. A note written in a different
# encoding (e.g. UTF-16), or SMB sessions with encryption negotiated, would presumably
# not match; confirm coverage against the environment's SMB configuration.
# NOTE(review): any file containing this phrase that is copied over SMB (incident
# reports, saved samples of the note) will also match; expect those as false positives.
alert tcp $HOME_NET any -> $HOME_NET 445 ( msg:"MALWARE-CNC Win.Ransomware.Conti variant network share readme file detected"; flow:to_server,established; content:"encrypted by CONTI",fast_pattern,nocase; metadata:impact_flag red,policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop; service:netbios-ssn; reference:url,www.virustotal.com/gui/search/bc87bb72ce1ab19b2cff617a894fc1acf30bd3f9d2994235189ca8e5057fb354; classtype:trojan-activity; sid:58944; rev:1; )