Versions (2)
Version Details: Current
Rev: 17 • Jul 30, 2010, 12:00 PM
ET MALWARE IRC Potential bot command response
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE IRC Potential bot command response"; flow:established,to_server; content:"PRIVMSG "; depth:8; content:"|3a|"; within:30; pcre:"/((T?FTP)\x3a File transfer|(random|sequential) Port Scan|Random (Spreading|Scanner)|Exploiting IP|Exploiting\.\.|flooding\x3a|flood stopped|sending packets)|Random Method started|FINDFILE|Scan stopped|No scan thread found|thread\(s\) stopped|\x3aExec /i"; classtype:trojan-activity; sid:2002033; rev:17; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2019_07_26;)
Jul 30, 2010, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules