alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET MALWARE ELF/Mirai Variant UA Inbound (b3astmode)"; flow:to_server,established; http.user_agent; content:"b3astmode"; fast_pattern; bsize:9; classtype:trojan-activity; sid:2035748; rev:1; metadata:affected_product Mac_OSX, affected_product Linux, attack_target Client_Endpoint, created_at 2022_04_05, deployment Perimeter, malware_family ELF_Mirai, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_04_05;)