Versions (3)
Version DetailsCurrent
Rev: 2 • Apr 25, 2017, 12:00 PMET HUNTING ARM Binary Downloaded via WGET Containing Suspicious Netcat Command - Possible IoT Malware
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING ARM Binary Downloaded via WGET Containing Suspicious Netcat Command - Possible IoT Malware"; flow:from_server,established; flowbits:isset,ET.armwget; content:"|25|24|25|28nc+"; content:"+-e+|25|2Fbin|25|2Fsh|25|29"; within:50; fast_pattern; reference:url,blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-81-en/; classtype:trojan-activity; sid:2024241; rev:2; metadata:attack_target IoT, created_at 2017_04_25, deployment Perimeter, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Apr 25, 2017, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-hunting.rules