ET MALWARE ELF/lizkebab CnC Activity (Flooding 1)

SID: 2022213Rev: 20 views
History
Sourceet/open
CreatedDecember 3, 2015
UpdatedOctober 8, 2019
Classificationcommand-and-control
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE ELF/lizkebab CnC Activity (Flooding 1)"; flow:established,to_server; content:"|20|Flooding|20|"; fast_pattern; content:"|20|for|20|"; content:"|20|seconds."; distance:0; pcre:"/(?:JUNK|HOLD) Flooding (?:\d{1,3}\.){3}\d{1,3} for \d+ seconds.\r?\n/"; reference:url,blog.malwaremustdie.org/2015/11/mmd-0044-2015-source-code-disclosure.html; classtype:command-and-control; sid:2022213; rev:2; metadata:affected_product Linux, created_at 2015_12_03, malware_family ELF_lizkebab, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)

References

urlblog.malwaremustdie.org/2015/11/mmd-0044-2015-source-code-disclosure.html

Metadata

affected productLinux
created at2015_12_03
malware familyELF_lizkebab
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_10_08

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!