ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 3
Sourceet/open
Fileemerging-malware.rules
CreatedMay 3, 2013
UpdatedMarch 6, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 3"; flow:established,to_client ; http.stat_code; content:"302"; http.location; content:"/index.php?"; content:"ZzdXJpP"; fast_pattern; distance:0; pcre:"/^https?\:\/\/[a-f0-9]{16}\.[^\r\n]+?\/index\.php\?[a-z]=(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})$/i" ; reference:url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/ ; classtype:trojan-activity; sid:2016815; rev:6; metadata:created_at 2013_05_03, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06;)
References
Metadata
created at2013_05_03
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!