Rule History

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Linux/ShellshockCampaign.DDOSBot Terminate Process CnC Server Message"; flow:established,to_client; dsize:12; content:"! LOLNOGTFO|0A|"; depth:12; reference:url,research.zscaler.com/2014/09/shellshock-attacks-spotted-in-wild.html; reference:cve,2014-6271; classtype:command-and-control; sid:2019304; rev:2; metadata:created_at 2014_09_29, cve CVE_2014_6271, signature_severity Major, updated_at 2019_07_26;)