Versions (2)
Version DetailsCurrent
Rev: 1 • Sep 29, 2014, 12:00 PMET MALWARE Linux/ShellshockCampaign.DDOSBot Reporting IP
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Linux/ShellshockCampaign.DDOSBot Reporting IP"; flow:established,to_server; dsize:<24; content:"My IP|3A| "; depth:7; pcre:"/My\x20IP\x3A\x20\d{1,3}\x2E\d{1,3}\x2E\d{1,3}\x2E\d{1,3}\x0A/"; reference:url,research.zscaler.com/2014/09/shellshock-attacks-spotted-in-wild.html; reference:cve,2014-6271; classtype:trojan-activity; sid:2019294; rev:1; metadata:created_at 2014_09_29, cve CVE_2014_6271, signature_severity Major, updated_at 2019_07_26;)Sep 29, 2014, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 29, 2014, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules