ET DOS Trojan.BlackRev V1.Botnet HTTP Login POST Flood Traffic Inbound

SID: 2017722Rev: 40 viewsHistory

Sourceet/open

CreatedNovember 15, 2013

UpdatedApril 27, 2020

Classificationattempted-dos

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET DOS Trojan.BlackRev V1.Botnet HTTP Login POST Flood Traffic Inbound"; flow:established,to_server; threshold:type both, count 5, seconds 60, track by_src; http.method; content:"POST"; http.user_agent; content:"Mozilla/4.0 (compatible|3b 20|Synapse)"; fast_pattern; http.request_body; content:"login="; depth:6; content:"$pass="; within:50; reference:url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/; classtype:attempted-dos; sid:2017722; rev:4; metadata:created_at 2013_11_15, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_27;)

References

url	www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/

Metadata

created at2013_11_15

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_04_27

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!