ET MALWARE Possible Drive DDoS Check-in

7.0.35.0SID: 2017045Rev: 6Enabled1 views
Sourceet/open
Fileemerging-malware.rules
CreatedJune 22, 2013
UpdatedApril 7, 2024
Classificationtrojan-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible Drive DDoS Check-in"; flow:established,to_server; flowbits:set,ET.Drive.DDoS.Checkin; http.method; content:"POST"; http.header; pcre:"/-urlencoded\r\n(?:\r\n)?$/"; http.request_body; content:"k="; fast_pattern; startswith; pcre:"/^[0-9]*?[a-z]/PR"; http.content_len; byte_test:0,=,17,0,string,dec; http.header_names; content:!"Referer|0d 0a|"; content:"|0d 0a|Host|0d 0a|"; startswith; classtype:trojan-activity; sid:2017045; rev:6; metadata:created_at 2013_06_22, confidence Medium, signature_severity Major, updated_at 2024_04_07;)

Metadata

created at2013_06_22
confidenceMedium
signature severityMajor
updated at2024_04_07

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!