alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Linux/Torte Downloading Binary"; flow:established,to_server; urilen:8; http.uri; content:"/crond"; fast_pattern; pcre:"/^(?:32|64)$/R"; http.user_agent; content:"Mozilla/5.0 (Windows NT 6.1|3b 20|WOW64|3b 20|rv|3a|18.0) Gecko/20100101 Firefox/18.0"; endswith; depth:72; reference:url,blog.malwaremustdie.org/2016/01/mmd-0050-2016-incident-report-elf.html; classtype:trojan-activity; sid:2022357; rev:5; metadata:created_at 2016_01_13, confidence High, signature_severity Major, updated_at 2020_11_05;)