ET MALWARE LinuxNet.perlbot Checkin Via IRC

SID: 2019921Rev: 30 views
History
Sourceet/open
CreatedDecember 11, 2014
UpdatedAugust 19, 2020
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE LinuxNet.perlbot Checkin Via IRC"; flow:to_server,established; content:"NICK|20 7c|GNU|7c 0a|"; depth:12; fast_pattern; content:"USER|20|GNU|20|"; within:9; pcre:"/(?:\d{1,3}\.){3}\d{1,3} (?:\d{1,3}\.){3}\d{1,3} \x3a(?:Linux|FreeBSD|SunOS)/R"; content:"|0a|JOIN|20|"; distance:0; classtype:command-and-control; sid:2019921; rev:3; metadata:created_at 2014_12_11, signature_severity Major, updated_at 2020_08_19;)

Metadata

created at2014_12_11
signature severityMajor
updated at2020_08_19

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!