ET MALWARE Linux/ShellshockCampaign.DDOSBot HOLD TCP Flood CnC Server Message

SID: 2019302Rev: 20 views
History
Sourceet/open
CreatedSeptember 29, 2014
UpdatedJuly 26, 2019
Classificationcommand-and-control
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Linux/ShellshockCampaign.DDOSBot HOLD TCP Flood CnC Server Message"; flow:established,to_client; content:"! HOLD "; depth:7; pcre:"/\x21\x20HOLD\x20\d{1,3}\x2E\d{1,3}\x2E\d{1,3}\x2E\d{1,3}/"; reference:url,research.zscaler.com/2014/09/shellshock-attacks-spotted-in-wild.html; reference:cve,2014-6271; classtype:command-and-control; sid:2019302; rev:2; metadata:created_at 2014_09_29, signature_severity Major, updated_at 2019_07_26;)

References

urlresearch.zscaler.com/2014/09/shellshock-attacks-spotted-in-wild.html
cve2014-6271

Metadata

created at2014_09_29
signature severityMajor
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!