This context provides data after the first 8 bytes
and up to 7 packets of an unknown file we couldn’t otherwise identify.
xxd is a cli-based hex
editor; every byte after the 8th is provided up until 7 bytes is
seen. In this example the first 8 bytes are numbered to easily show
what wouldn’t be matched. Next are “A’s” followed by “shellcode”
in hex. You could block this file by adding ‘\x7368656c6c636f6465\x’ in
the “Pattern” field of the custom signature.