Rule History

alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Linux/Dinodas RAT CnC Checkin - UDP"; dsize:52; content:"|00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 00|"; offset:4; content:"|00 00 00 00 50 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00|"; fast_pattern; distance:6; within:28; reference:url,securelist.com/dinodasrat-linux-implant/112284/; reference:md5,8138f1af1dc51cde924aa2360f12d650; classtype:trojan-activity; sid:2051868; rev:1; metadata:affected_product Linux, attack_target Client_and_Server, tls_state plaintext, created_at 2024_03_29, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_03_29; target:src_ip;)