alert tcp any any -> any any (msg:"🐾 - 🚨 VxWorks 💣 DOS over RPC/TCP 🥷 - T1498.001"; flow:to_server, stateless; threshold:type limit, track by_src,count 1, seconds 180; content:"|80 00 00 28 72 fe 1d 13|"; fast_pattern; content:"|02 00 01 86 a0 00 01 97 7c|"; distance:7; content:"|00 00 00|"; endswith; target:dest_ip; reference:url,https://www.windriver.com/products/embedded/vxworks; reference:url,https://github.com/knownsec/VxPwn/blob/master/poc/crashVxWorks.py; metadata:created_at 2026_05_16, updated_at 2026_05_16, signature_severity Major, attack_target OT, affected_product VxWorks, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1498_001, mitre_technique_name Network_Denial_of_Service-Direct_Network_Flood; sid:3321489; rev:1; classtype:targeted-activity;)