alert tcp-pkt any any -> any any (msg:"ET MALWARE LinPEAS Privilege Escalation Script Response (With Banner)"; flow:established,to_client; content:"|0a 20 20 20 20 1b 5b 31 3b 33 32 6d 2f 2d 2d 2d|"; startswith; content:"Do|20|you|20|like|20|PEASS|3f|"; distance:110; within:30; fast_pattern; reference:url,github.com/carlospolop/PEASS-ng/tree/master/linPEAS; classtype:trojan-activity; sid:2037229; rev:1; metadata:affected_product Linux, attack_target Client_and_Server, created_at 2022_06_30, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_06_30;)