ET MALWARE Possible Backdoor.Linux.Tsunami Outbound HTTP request
Sourceet/open
CreatedMay 31, 2013
UpdatedApril 24, 2020
Classificationtrojan-activity
alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible Backdoor.Linux.Tsunami Outbound HTTP request"; flow:established,to_server; http.header; content:"|3a|80|0d 0a|"; http.user_agent; content:"Mozilla/4.75 [en] (X11|3b| U|3b| Linux 2.2.16-3 i686)"; reference:url,malwaremustdie.blogspot.jp/2013/05/story-of-unix-trojan-tsunami-ircbot-w.html; classtype:trojan-activity; sid:2016949; rev:4; metadata:created_at 2013_05_31, confidence Medium, signature_severity Major, updated_at 2020_04_24;)
Metadata
created at2013_05_31
confidenceMedium
signature severityMajor
updated at2020_04_24
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!