ET MALWARE Possible Drive DDoS Check-in
Sourceet/open
Fileemerging-malware.rules
CreatedJune 22, 2013
UpdatedApril 7, 2024
Classificationtrojan-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible Drive DDoS Check-in"; flow:established,to_server ; flowbits:set,ET.Drive.DDoS.Checkin ; http.method; content:"POST"; http.header; pcre:"/-urlencoded\r\n(?:\r\n)?$/" ; http.request_body; content:"k="; fast_pattern; startswith; pcre:"/^[0-9]*?[a-z]/PR"; http.content_len; byte_test:0,=,17,0,string,dec ; http.header_names; content:!"Referer|0d 0a|"; content:"|0d 0a|Host|0d 0a|"; startswith; classtype:trojan-activity; sid:2017045; rev:6; metadata:created_at 2013_06_22, confidence Medium, signature_severity Major, updated_at 2024_04_07;)
Metadata
created at2013_06_22
confidenceMedium
signature severityMajor
updated at2024_04_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!