alert tcp-pkt $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET MALWARE Win32/CrimsonRAT Activity (Inbound)"; flow:established,to_client; dsize:<20; content:"|00 00 00 00|"; offset:1; depth:4; content:"|79 32|"; distance:2; within:2; fast_pattern; content:"|3d|"; distance:2; within:3; reference:md5,e55e497ceadd037254e847187b6996da; reference:url,twitter.com/RedDrip7/status/1622908094606094338; classtype:trojan-activity; sid:2044147; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_02_08, deployment Perimeter, malware_family CrimsonRAT, performance_impact Moderate, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_02_08; target:dest_ip;)