ET MALWARE ELF/muBoT IRC Activity 6 (SOCKS)

SID: 2022189Rev: 10 views
History
Sourceet/open
CreatedNovember 26, 2015
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE ELF/muBoT IRC Activity 6 (SOCKS)"; flow:established,to_server; content:"NOTICE "; content:"|3a|REWRITING|0a|"; fast_pattern; distance:0; content:"|0a|to|0a|"; distance:0; pcre:"/^NOTICE [^\r\n]+? \x3aREWRITING\x0a[^\r\n]+?\x0ato\x0a[^\r\n]+?\x0a/s"; reference:url,blog.malwaremustdie.org/2015/11/mmd-0044-2015-source-code-disclosure.html; classtype:trojan-activity; sid:2022189; rev:1; metadata:affected_product Linux, created_at 2015_11_26, malware_family ELF_muBoT, signature_severity Major, updated_at 2019_07_26;)

References

urlblog.malwaremustdie.org/2015/11/mmd-0044-2015-source-code-disclosure.html

Metadata

affected productLinux
created at2015_11_26
malware familyELF_muBoT
signature severityMajor
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!