alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible W4SP Stealer CnC Checkin"; flow:established,to_server; content:"|7b 22|hostname|22 3a 22|"; startswith; content:"|22 2c 22|macAddress|22 3a 22|"; distance:0; fast_pattern; pcre:"/^([a-f0-9]{2}\:){5}[a-f0-9]{2}/R"; content:"|22 2c 22|username|22 3a 22|"; distance:0; reference:url,www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi; reference:md5,686f6d2fb8dd540052f2c698e8aff662; classtype:trojan-activity; sid:2049793; rev:1; metadata:affected_product Linux, attack_target Linux_Unix, created_at 2023_12_19, deployment Perimeter, malware_family W4SP_Stealer, performance_impact Low, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_12_19; target:src_ip;)