ET MALWARE W32/Lile.A DoS Outbound
Sourceet/open
Fileemerging-malware.rules
CreatedAugust 7, 2012
UpdatedApril 21, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Lile.A DoS Outbound"; flow:established,to_server ; http.method; content:"GET"; http.request_header; header_lowercase; content:"useragent|3a|"; content:"Windows 98"; fast_pattern; http.host; content:"www.fbi.gov"; startswith; threshold:type limit, track by_src, count 1, seconds 30 ; reference:url,symantec.com/security_response/writeup.jsp?docid=2005-101311-0945-99&tabid=2 ; reference:md5,d6d0cd7eca2cef5aad66efbd312a7987 ; classtype:trojan-activity; sid:2015577; rev:6; metadata:created_at 2012_08_07, signature_severity Major, updated_at 2024_04_21;)
References
| url | symantec.com/security_response/writeup.jsp?docid=2005-101311-0945-99&tabid=2 |
| md5 | d6d0cd7eca2cef5aad66efbd312a7987 |
Metadata
created at2012_08_07
signature severityMajor
updated at2024_04_21
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!