Rule History

SID: 2019300 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 2 • Sep 29, 2014, 12:00 PM

Message:

ET MALWARE Linux/ShellshockCampaign.DDOSBot UDP Flood CnC Server Message

Rule:

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Linux/ShellshockCampaign.DDOSBot UDP Flood CnC Server Message"; flow:established,to_client; content:"! UDP "; depth:6; pcre:"/\x21\x20UDP\x20\d{1,3}\x2E\d{1,3}\x2E\d{1,3}\x2E\d{1,3}/"; reference:url,research.zscaler.com/2014/09/shellshock-attacks-spotted-in-wild.html; reference:cve,2014-6271; classtype:command-and-control; sid:2019300; rev:2; metadata:created_at 2014_09_29, cve CVE_2014_6271, signature_severity Major, updated_at 2019_07_26;)

Created:

Sep 29, 2014, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Sep 29, 2014, 12:00 PM

DB Updated:

Sep 10, 2024, 1:01 PM

Filename:

rules/emerging-malware.rules