Rule History

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Linux.Trojan.IptabLex Variant Checkin"; flow:to_server,established; dsize:157; content:"|77|"; depth:1; pcre:"/^[\x01\x03\x08\x09\x0b]\x00/R"; content:"|20 40 20|"; distance:0; content:"Hz"; nocase; within:15; reference:md5,019765009f7142a89af15aaaac7400cc; reference:url,blog.malwaremustdie.org/2014/06/mmd-0025-2014-itw-infection-of-elf.html; classtype:command-and-control; sid:2021050; rev:1; metadata:created_at 2015_05_04, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)