alert tcp any any -> $HOME_NET 6379 (msg:"ET HUNTING Redis Authenticated Remote Code Execution in bit Library (CVE-2024-31449)"; flow:established,to_server; content:"|2a 33 0d 0a|"; startswith; content:"eval|0d 0a|"; nocase; content:"bit"; content:"|2e|tohex|28|"; fast_pattern; reference:url,redrays.io/blog/redis-cve-2024-31449-how-to-reproduce-and-mitigate-the-vulnerability/; reference:cve,2024-31449; classtype:attempted-admin; sid:2057707; rev:1; metadata:affected_product Redis, attack_target Server, created_at 2024_11_19, cve CVE_2024_31449, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_11_19, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)