alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Linux/Dinodas RAT CnC Checkin - TCP"; flow:established,to_server; dsize:52; content:"|00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 00|"; offset:4; content:"|00 00 00 00 50 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00|"; fast_pattern; distance:6; within:28; reference:url,securelist.com/dinodasrat-linux-implant/112284/; classtype:trojan-activity; sid:2051869; rev:1; metadata:affected_product Linux, attack_target Client_and_Server, tls_state plaintext, created_at 2024_03_29, deployment Perimeter, malware_family Dinodas_RAT, performance_impact Low, confidence Medium, signature_severity Major, tag Dinodas_RAT, updated_at 2024_03_29; target:src_ip;)