alert tcp-pkt any any -> [$HOME_NET,$HTTP_SERVERS] 22 (msg:"ET EXPLOIT Possible SolarWinds Serv-U SSH RCE Inbound M2 (CVE-2021-35211)"; flow:established,to_server; dsize:>150; content:"SSH-2.0-|0d 0a|"; fast_pattern; content:"|ec 19 0e 80 01|"; distance:0; reference:url,microsoft.com/security/blog/2021/09/02/a-deep-dive-into-the-solarwinds-serv-u-ssh-vulnerability/; reference:cve,2021-35211; classtype:attempted-admin; sid:2033894; rev:1; metadata:attack_target Server, created_at 2021_09_02, cve CVE_2021_35211, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2021_09_02, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)