Versions (3)
Version DetailsCurrent
Rev: 3 • Dec 11, 2014, 12:00 PMET MALWARE LinuxNet.perlbot Checkin Via IRC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE LinuxNet.perlbot Checkin Via IRC"; flow:to_server,established; content:"NICK|20 7c|GNU|7c 0a|"; depth:12; fast_pattern; content:"USER|20|GNU|20|"; within:9; pcre:"/(?:\d{1,3}\.){3}\d{1,3} (?:\d{1,3}\.){3}\d{1,3} \x3a(?:Linux|FreeBSD|SunOS)/R"; content:"|0a|JOIN|20|"; distance:0; classtype:command-and-control; sid:2019921; rev:3; metadata:created_at 2014_12_11, signature_severity Major, updated_at 2020_08_19;)
Dec 11, 2014, 12:00 PM
Aug 19, 2020, 12:00 PM
Dec 11, 2014, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules