ET MALWARE ELF/RedXOR CnC Checkin

7.0.35.0SID: 2031934Rev: 2Enabled2 views
Sourceet/open
Fileemerging-malware.rules
CreatedMarch 11, 2021
UpdatedApril 4, 2024
Classificationcommand-and-control
alert http [$HOME_NET,$HTTP_SERVERS] any -> $EXTERNAL_NET any (msg:"ET MALWARE ELF/RedXOR CnC Checkin"; flow:established,to_server; http.method; content:"POST"; http.content_len; content:"00000"; startswith; http.request_header; content:"Total-Length|3a 20|00000"; fast_pattern; startswith; http.request_body; pcre:"/^[\x20-\x7e\r\n]{0,13}[^\x20-\x7e\r\n]/si"; reference:url,www.intezer.com/blog/malware-analysis/new-linux-backdoor-redxor-likely-operated-by-chinese-nation-state-actor/; classtype:command-and-control; sid:2031934; rev:2; metadata:affected_product Linux, attack_target Client_and_Server, created_at 2021_03_11, deployment Perimeter, malware_family RedXOR, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_04;)

Metadata

affected productLinux
attack targetClient_and_Server
created at2021_03_11
deploymentPerimeter
malware familyRedXOR
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_04

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!