signature1
    condition1  server_name weixin.qq.com           suffix
	            server_name badjs.weixinbridge.com  exactly
				server_name wx.qq.com               substring
				server_name wx2.qq.com              substring
				server_name .we.qq.com              suffix
				server_name wup.browser.qq.com      suffix
				server_name .wexin.qq.com           suffix
				server_name mmbiz.qpic.cn           suffix
				server_name wx.qlogo.cn             substring
				tcp.payload.c2s_first_data  000000100010000100000006ffffffff  0 16 Rawbytes
				tcp.payload.s2c_first_data  000000100010000100000006ffffffff  0 16 Rawbytes
				ip.payload                  000000100010000100000006ffffffff  0 16 Rawbytes
				
				
signature2
	condition1  http.host  badjs.weixinbridge.com  exactly
	            http.host  wx.qq.com               substring
				http.host  wx2.qq.com              substring
				http.host  .we.qq.com              suffix
				http.host  wup.browser.qq.com      suffix
				http.uri   /micromsg-bin/		   substring
				http.host  .wexin.qq.com           suffix
                http.host  mmbiz.qpic.cn           suffix
                http.host  weixin.qq.com           substring
                http.host  wx.qlogo.cn             substring
                http.host  szextshort.weixin.qq.com substring
				
	condition2  http.user_agent  MicroMessenger     substring
				http.user_agent  WeChat             substring
				http.user_agent  557365722d4167656e743a204d6963726f4d657373656e67657220436c69656e740d0a  substring  Rawbytes
				tcp.payload.c2s_first_data  504f5354202f6d6d746c732f  0 12  Rawbytes
				ip.payload       			504f5354202f6d6d746c732f  0	12	Rawbytes
				
signature3
	condition1  dns.qry.name	weixin.qq.com       suffix
				dns.qry.name	badjs.weixinbridge.com  exactly
				dns.qry.name	wx.qq.com           substring
				dns.qry.name	wx2.qq.com			substring
				dns.qry.name	.we.qq.com			suffix
				dns.qry.name	wx.qlogo.cn			suffix
				dns.qry.name	wup.browser.qq.com	suffix
				dns.qry.name	.wexin.qq.com		suffix
				dns.qry.name	mmbiz.qpic.cn		suffix
				
signature4
	condition1	quic.sni		weixin.qq.com		suffix
				quic.sni		badjs.weixinbridge.com exactly
				quic.sni		wx.qq.com			substring
				quic.sni		wx2.qq.com			substring
				quic.sni		.we.qq.com			suffix
				quic.sni		wx.qlogo.cn			suffix
				quic.sni		wup.browser.qq.com	suffix
				quic.sni		.wexin.qq.com       suffix
				quic.sni		mmbiz.qpic.cn		suffix
				
signature5
	condition1	udp.payload.c2s_first_data		000000100010000100000006ffffffff  substring Rawbytes
				udp.payload.s2c_first_data		000000100010000100000006ffffffff  substring Rawbytes
				
signature6
	condition1	tcp.payload.c2s_first_data		ab00  				substring	Rawbytes
				tcp.payload.s2c_first_data		ab00  				substring   Rawbytes
				ip.payload						ab00  				substring   Rawbytes
				tcp.payload.c2s_first_data		77656978696e6e756d  substring   Rawbytes
				tcp.payload.s2c_first_data		77656978696e6e756d	substring   Rawbytes
				ip.payload						77656978696e6e756d  substring   Rawbytes
				udp.payload.c2s_first_data		ab00  				substring   Rawbytes
				udp.payload.s2c_first_data		ab00  				substring   Rawbytes
				udp.payload.c2s_first_data		77656978696e6e756d  substring   Rawbytes
				udp.payload.s2c_first_data		77656978696e6e756d  substring   Rawbytes
				
signature7
	condition1	tcp.payload.c2s_first_data		17f103				substring	Rawbytes
				tcp.payload.s2c_first_data		17f103				substring   Rawbytes
				ip.payload						17f103				substring   Rawbytes
				udp.payload.c2s_first_data		17f103				substring   Rawbytes
				udp.payload.s2c_first_data		17f103				substring   Rawbytes
				tcp.payload.c2s_first_data		16f103				substring   Rawbytes
				tcp.payload.s2c_first_data		16f103				substring   Rawbytes
				ip.payload						16f103				substring   Rawbytes
				udp.payload.c2s_first_data		16f103				substring   Rawbytes
				udp.payload.s2c_first_data		16f103				substring   Rawbytes
	condition2	tcp.dstport						8080-8080
				tcp.dstport						443-443
				tcp.dstport						80-80
				udp.dstport						8080-8080
				udp.dstport						80-80
				udp.dstport						443-443
				
signature8
	condition1	tcp.payload.c2s_first_data		0a210a0608021003180010	substring	Rawbytes
				tcp.payload.s2c_first_data		0a210a0608021003180010	substring   Rawbytes
				ip.payload						0a210a0608021003180010	substring   Rawbytes
				udp.payload.c2s_first_data		0a210a0608021003180010	substring   Rawbytes
				udp.payload.s2c_first_data		0a210a0608021003180010	substring   Rawbytes
	condition2	tcp.payload.c2s_first_data		0a480050001038			substring   Rawbytes
				tcp.payload.s2c_first_data		0a480050001038			substring   Rawbytes
				ip.payload						0a480050001038			substring   Rawbytes
				udp.payload.s2c_first_data		0a480050001038			substring   Rawbytes
				udp.payload.c2s_first_data		0a480050001038			substring   Rawbytes
				
signature9
	condition1	http.host						emoji.qpic.cn					substring
				tcp.payload.c2s_first_data		474554202f77785f656d6f6a692f	substring	Rawbytes
				tcp.payload.c2s_first_data		504f5354202f6d6d746c732f		substring	Rawbytes
				http.host						.weixin.qq.com					substring
	condition2	http.user_agent					MicroMessenger Client			substring
	condition3	tcp.payload.c2s_first_data		557365722d4167656e743a204d6963726f4d657373656e67657220436c69656e740d0a	substring	Rawbytes
	
signature10
	condition1	tcp.payload.s2c_first_data		17f104	0	3	Rawbytes
				tcp.payload.c2s_first_data		17f104	0	3   Rawbytes
				ip.payload						17f104	0	3   Rawbytes
				tcp.payload.c2s_first_data		16f104	0	3   Rawbytes
				tcp.payload.s2c_first_data		16f104	0	3   Rawbytes
				ip.payload						16f104	0	3   Rawbytes