ET MALWARE Linux/dtool IRC Command (AUTH)
Sourceet/open
Fileemerging-malware.rules
CreatedOctober 1, 2015
UpdatedMarch 6, 2024
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Linux/dtool IRC Command (AUTH)"; flow:established,to_client ; content:"PRIVMSG"; content:"] {AUTH} User"; fast_pattern; distance:0; nocase; content:"logged "; distance:0; pcre:"/^(?:in|out)/R" ; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=4048&p=26845#p26845 ; reference:md5,a60b96a2cf4b979968fe5ac6259fb197 ; classtype:trojan-activity; sid:2021875; rev:6; metadata:created_at 2015_10_01, signature_severity Major, updated_at 2024_03_06;)
References
| url | kernelmode.info/forum/viewtopic.php?f=16&t=4048&p=26845#p26845 |
| md5 | a60b96a2cf4b979968fe5ac6259fb197 |
Metadata
created at2015_10_01
signature severityMajor
updated at2024_03_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!