Versions (3)
Version DetailsCurrent
Rev: 5 • Jan 13, 2016, 12:00 PMET MALWARE Linux/Torte Downloading Binary
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Linux/Torte Downloading Binary"; flow:established,to_server; urilen:8; http.uri; content:"/crond"; fast_pattern; pcre:"/^(?:32|64)$/R"; http.user_agent; content:"Mozilla/5.0 (Windows NT 6.1|3b 20|WOW64|3b 20|rv|3a|18.0) Gecko/20100101 Firefox/18.0"; endswith; depth:72; reference:url,blog.malwaremustdie.org/2016/01/mmd-0050-2016-incident-report-elf.html; classtype:trojan-activity; sid:2022357; rev:5; metadata:created_at 2016_01_13, confidence High, signature_severity Major, updated_at 2020_11_05;)
Jan 13, 2016, 12:00 PM
Nov 5, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules