alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Generic IOT Downloader Malware in POST (Outbound)"; flow:established,to_server; content:"POST"; http_method; content:"wget"; http_client_body; content:".sh|3b 20|chmod +x "; within:200; fast_pattern; content:"|3b 20|./"; within:100; metadata: former_category HUNTING; classtype:bad-unknown; sid:2029009; rev:1; metadata:affected_product Linux, attack_target IoT?, deployment Perimeter, signature_severity Major, created_at 2019_11_20, updated_at 2019_11_20;)

Added 2019-11-20 21:20:02 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Generic IOT Downloader Malware in POST (Outbound)"; flow:established,to_server; content:"POST"; http_method; content:"wget"; http_client_body; content:".sh|3b 20|chmod +x "; within:200; fast_pattern; content:"|3b 20|./"; within:100; metadata: former_category HUNTING; classtype:bad-unknown; sid:2029009; rev:1; metadata:affected_product Linux, attack_target IoT?, deployment Perimeter, signature_severity Major, created_at 2019_11_20, updated_at 2019_11_20;)

Added 2019-11-20 19:20:23 UTC


Topic revision: r1 - 2019-11-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats