Versions (3)
Version DetailsCurrent
Rev: 4 • Nov 15, 2013, 12:00 PMET DOS Trojan.BlackRev V1.Botnet HTTP Login POST Flood Traffic Inbound
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET DOS Trojan.BlackRev V1.Botnet HTTP Login POST Flood Traffic Inbound"; flow:established,to_server; threshold:type both, count 5, seconds 60, track by_src; http.method; content:"POST"; http.user_agent; content:"Mozilla/4.0 (compatible|3b 20|Synapse)"; fast_pattern; http.request_body; content:"login="; depth:6; content:"$pass="; within:50; reference:url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/; classtype:attempted-dos; sid:2017722; rev:4; metadata:created_at 2013_11_15, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_27;)
Nov 15, 2013, 12:00 PM
Apr 27, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 3, 2025, 8:34 PM
rules/emerging-dos.rules