alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ARM Binary Downloaded via WGET Containing Suspicious Netcat Command - Possible IoT? Malware"; flow:from_server,established; flowbits:isset,ET.armwget; content:"|25|24|25|28nc+"; content:"+-e+|25|2Fbin|25|2Fsh|25|29"; within:50; fast_pattern; metadata: former_category MALWARE; reference:url,blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-81-en/; classtype:trojan-activity; sid:2024241; rev:2; metadata:attack_target IoT?, deployment Perimeter, signature_severity Major, created_at 2017_04_25, updated_at 2017_04_25;)

Added 2019-10-09 19:08:54 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ARM Binary Downloaded via WGET Containing Suspicious Netcat Command - Possible IoT? Malware"; flow:from_server,established; flowbits:isset,ET.armwget; content:"|25|24|25|28nc+"; content:"+-e+|25|2Fbin|25|2Fsh|25|29"; within:50; fast_pattern; metadata: former_category TROJAN; reference:url,blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-81-en/; classtype:trojan-activity; sid:2024241; rev:2; metadata:attack_target IoT?, deployment Perimeter, signature_severity Major, created_at 2017_04_25, updated_at 2017_04_25;)

Added 2018-09-13 19:53:44 UTC


Added 2018-09-13 18:01:33 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ARM Binary Downloaded via WGET Containing Suspicious Netcat Command - Possible IoT? Malware"; flow:from_server,established; flowbits:isset,ET.armwget; content:"|25|24|25|28nc+"; content:"+-e+|25|2Fbin|25|2Fsh|25|29"; within:50; fast_pattern; metadata: former_category TROJAN; reference:url,blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-81-en/; classtype:trojan-activity; sid:2024241; rev:2; metadata:attack_target IoT?, deployment Perimeter, signature_severity Major, created_at 2017_04_25, updated_at 2017_04_25;)

Added 2017-08-07 21:19:34 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ARM Binary Downloaded via WGET Containing Suspicious Netcat Command - Possible IoT? Malware"; flow:from_server,established; flowbits:isset,ET.armwget; content:"|25|24|25|28nc+"; content:"+-e+|25|2Fbin|25|2Fsh|25|29"; within:50; fast_pattern; reference:url,blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-81-en/; classtype:trojan-activity; sid:2024241; rev:2;)

Added 2017-05-05 16:59:07 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ARM Binary Downloaded via WGET Containing Suspicious Netcat Command - Possible IoT? Malware"; flow:from_server,established; flowbits:isset,ET.armwget; content:"|25|24|25|28nc+"; content:"+-e+|25|2Fbin|25|2Fsh|25|29"; within:50; fast_pattern; metadata: former_category TROJAN; reference:url,blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-81-en/; classtype:trojan-activity; sid:2024241; rev:2;)

Added 2017-05-03 17:36:05 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ARM Binary Downloaded via WGET Containing Suspicious Netcat Command - Possible IoT? Malware"; flow:from_server,established; flowbits:isset,ET.armwget; content:"|25|24|25|28nc+"; content:"+-e+|25|2Fbin|25|2Fsh|25|29"; within:50; fast_pattern; reference:url,blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-81-en/; classtype:trojan-activity; sid:2024241; rev:2;)

Added 2017-04-25 17:55:29 UTC


Topic revision: r1 - 2019-10-09 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats