Versions (3)
Version DetailsCurrent
Rev: 3 • Nov 20, 2019, 12:00 PMET HUNTING Generic IOT Downloader Malware in POST (Inbound)
alert http $EXTERNAL_NET any -> any any (msg:"ET HUNTING Generic IOT Downloader Malware in POST (Inbound)"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"wget"; content:".sh|3b 20|chmod +x|20|"; within:200; fast_pattern; content:"|3b 20|./"; within:100; classtype:bad-unknown; sid:2029011; rev:3; metadata:affected_product Linux, attack_target IoT, created_at 2019_11_20, deployment Perimeter, confidence Medium, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_04;)
Nov 20, 2019, 12:00 PM
Nov 4, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 22, 2025, 9:34 PM
rules/emerging-hunting.rules