Versions (3)
Version Details
Current
Rev: 3 • Jul 5, 2021, 12:00 PM
ET MALWARE Mirai pTea Variant - Attack Command Inbound
alert tcp any [!80] -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET MALWARE Mirai pTea Variant - Attack Command Inbound"; flow:established,to_server; dsize:<70; content:"|ad af fe 7f|"; startswith; reference:url,blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability/; classtype:command-and-control; sid:2033243; rev:3; metadata:affected_product Linux, attack_target Server, created_at 2021_07_05, deployment Perimeter, deprecation_reason False_Positive, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_10_10;)
Jul 5, 2021, 12:00 PM
Oct 10, 2022, 12:00 PM
Jul 5, 2021, 12:00 PM
Sep 10, 2025, 9:34 PM
rules/emerging-malware.rules