diff --git a/network/c2/xtremerat-trojan.yaml b/network/c2/xtremerat-trojan.yaml
index 7a315de265..dc51d18180 100644
--- a/network/c2/xtremerat-trojan.yaml
+++ b/network/c2/xtremerat-trojan.yaml
@@ -25,8 +25,7 @@ tcp:
     read-size: 1024
 
     matchers:
-      - type: word
-        encoding: hex
-        words:
-          - "58"
+      - type: regex
+        regex:
+          - "^X$"
 # digest: 4a0a0047304502206fa95ec595a2933ca08a0326dbce0d411afd01de4b65c0c060b9d1317264e96e022100a648393498fd3a99b1aec95f74372fc476d2e484933f438b68468bc6efa642d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file