ET MALWARE ELF/Emptiness v1.1 UDP Flood Command Inbound

SID: 2027840Rev: 11 views
History
Sourceet/open
CreatedAugust 9, 2019
UpdatedAugust 9, 2019
Classificationtrojan-activity
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE ELF/Emptiness v1.1 UDP Flood Command Inbound"; flow:established,from_server; content:"LnVkcC"; depth:6; fast_pattern; pcre:"/^(?:[A-Z0-9+/]{4})*(?:[A-Z0-9+/]{2}==|[A-Z0-9+/]{3}=|[A-Z0-9+/]{4})$/i"; reference:url,blog.netlab.360.com/emptiness-a-new-evolving-botnet/; classtype:trojan-activity; sid:2027840; rev:1; metadata:affected_product Linux, created_at 2019_08_09, malware_family Emptiness, confidence High, signature_severity Major, tag DDoS, updated_at 2019_08_09;)

References

urlblog.netlab.360.com/emptiness-a-new-evolving-botnet/

Metadata

affected productLinux
created at2019_08_09
malware familyEmptiness
confidenceHigh
signature severityMajor
tagDDoS
updated at2019_08_09

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!