Versions (3)
Version DetailsCurrent
Rev: 2 • Sep 29, 2014, 12:00 PMET MALWARE Linux/ShellshockCampaign.DDOSBot HOLD TCP Flood CnC Server Message
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Linux/ShellshockCampaign.DDOSBot HOLD TCP Flood CnC Server Message"; flow:established,to_client; content:"! HOLD "; depth:7; pcre:"/\x21\x20HOLD\x20\d{1,3}\x2E\d{1,3}\x2E\d{1,3}\x2E\d{1,3}/"; reference:url,research.zscaler.com/2014/09/shellshock-attacks-spotted-in-wild.html; reference:cve,2014-6271; classtype:command-and-control; sid:2019302; rev:2; metadata:created_at 2014_09_29, signature_severity Major, updated_at 2019_07_26;)
Sep 29, 2014, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules