ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 3

7.0.35.0SID: 2016815Rev: 6Enabled0 views
Sourceet/open
Fileemerging-malware.rules
CreatedMay 3, 2013
UpdatedMarch 6, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 3"; flow:established,to_client; http.stat_code; content:"302"; http.location; content:"/index.php?"; content:"ZzdXJpP"; fast_pattern; distance:0; pcre:"/^https?\:\/\/[a-f0-9]{16}\.[^\r\n]+?\/index\.php\?[a-z]=(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})$/i"; reference:url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/; classtype:trojan-activity; sid:2016815; rev:6; metadata:created_at 2013_05_03, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06;)

Metadata

created at2013_05_03
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_06

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!