alert tcp $EXTERNAL_NET 1919 -> $HOME_NET any (msg:"ET MALWARE Panchan Mining Rig CnC Activity (Inbound)"; flow:established,to_client; content:"pan|2d|chan|27|s mining rig hi|21 0a|sharepeer|20|"; startswith; fast_pattern; pcre:"/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/R"; content:"|0a|sharepeer"; within:30; reference:url,github.com/akamai/akamai-security-research/tree/main/malware/panchan; classtype:command-and-control; sid:2036998; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_06_15, deployment Perimeter, confidence High, signature_severity Major, tag Coinminer, updated_at 2023_03_15, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1496, mitre_technique_name Resource_Hijacking;)