alert udp $EXTERNAL_NET any -> any any (msg:"ET SCAN ELF/Mirai Variant UDP (Inbound) M1"; content:"|38 C4 FB 98 76 1F FC FE F4 00 00 00 01 63 31 7B 62 36 3E B1 A8 93 A8 61 98 8B 11 2A 3F 7C 1E AA BF C0 63 AD B7 50 68 A0 D6 2D 0E 17 3D F8 D4 F4 39 69 8D 69 0D 7D|"; reference:url,rruzi.github.io/In-depth-Analysis-of-a-New-Mirai-Variant; reference:url,community.emergingthreats.net/t/et-scan-elf-mirai-variant/2303; classtype:trojan-activity; sid:2058707; rev:1; metadata:affected_product Linux, created_at 2024_12_31, malware_family Mirai, confidence High, signature_severity Major, tag IoT, updated_at 2024_12_31; target:dest_ip;)