alert tcp [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET MALWARE Mirai pTea Variant - Attack Command Outbound"; flow:established,from_server; dsize:<70; content:"|ad af fe 7f|"; startswith; reference:url,blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability/; classtype:command-and-control; sid:2033242; rev:2; metadata:affected_product Linux, attack_target Server, created_at 2021_07_05, deployment Perimeter, deprecation_reason False_Positive, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_10_10;)