Rule History

SID: 2027841 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 1 • Aug 9, 2019, 12:00 PM

Message:

ET MALWARE ELF/Emptiness v1.1 DNS Flood Command Inbound

Rule:

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE ELF/Emptiness v1.1 DNS Flood Command Inbound"; flow:established,from_server; content:"LmRucy"; depth:6; fast_pattern; pcre:"/^(?:[A-Z0-9+/]{4})*(?:[A-Z0-9+/]{2}==|[A-Z0-9+/]{3}=|[A-Z0-9+/]{4})$/i"; reference:url,blog.netlab.360.com/emptiness-a-new-evolving-botnet/; classtype:trojan-activity; sid:2027841; rev:1; metadata:affected_product Linux, created_at 2019_08_09, malware_family Emptiness, confidence High, signature_severity Major, tag DDoS, updated_at 2019_08_09;)

Created:

Aug 9, 2019, 12:00 PM

Updated:

Aug 9, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Sep 21, 2024, 3:00 AM

Filename:

rules/emerging-malware.rules