"ET ATTACK_RESPONSE 401TRG Perl DDoS IRCBot File Download"
SID: 2024977
Revision: 1
Class Type: trojan-activity
Metadata: affected_product Apache_HTTP_server, attack_target Web_Server, created_at 2017_11_07, deployment Datacenter, malware_family webshell, performance_impact Moderate, signature_severity Major, updated_at 2017_11_07
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HTTP_SERVERS
Destination Port: any
Flow: established,from_server
Contents:
- Value: "|6d 79 20 24 70 72 6f 63 65 73 73 20 3d 20 24 72 70 73 5b 72 61 6e 64 20 73 63 61 6c 61 72 20 40 72 70 73 5d 3b|"
Within:
PCRE:
Special Options: