alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Generic IOT Downloader Malware in GET (Outbound)"; flow:established,to_server; content:"GET "; depth:4; content:"wget http"; within:200; content:"|20 3b 20|chmod "; within:200; fast_pattern; content:"|20 3b 20|./"; within:100; metadata: former_category HUNTING; classtype:bad-unknown; sid:2029010; rev:2; metadata:affected_product Linux, attack_target IoT?, deployment Perimeter, signature_severity Major, created_at 2019_11_20, updated_at 2019_11_20;)

Added 2019-11-20 21:20:03 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Generic IOT Downloader Malware in GET (Outbound)"; flow:established,to_server; content:"GET "; depth:4; content:"wget http"; within:200; content:"|20 3b 20|chmod "; within:200; fast_pattern; content:"|20 3b 20|./"; within:100; metadata: former_category HUNTING; classtype:bad-unknown; sid:2029010; rev:2; metadata:affected_product Linux, attack_target IoT?, deployment Perimeter, signature_severity Major, created_at 2019_11_20, updated_at 2019_11_20;)

Added 2019-11-20 19:20:23 UTC


Topic revision: r1 - 2019-11-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats