alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ELF/Emptiness v1 HTTP Flood Command Inbound"; flow:established,from_server; content:".http|20|"; depth:6; fast_pattern; pcre:"/^((\d{1,3}\.){3}\d{1,3}|((?:https?\x3a\/\/)?[a-z0-9\-]{1,30}\.){1,8}[a-z]{1,8})/Ri"; metadata: former_category TROJAN; reference:url,blog.netlab.360.com/emptiness-a-new-evolving-botnet/; classtype:trojan-activity; sid:2027839; rev:1; metadata:affected_product Linux, tag DDoS?, created_at 2019_08_09, malware_family Emptiness, updated_at 2019_08_09;)

Added 2019-08-09 17:52:27 UTC


Topic revision: r1 - 2019-08-09 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats