""ET TROJAN Backdoor.Perl.Shellbot.cd IRC Bot that have DoS/DDoS functions""

SID: 2025065

Revision: 3

Class Type: trojan-activity

Metadata: created_at 2012_05_22, updated_at 2014_09_12

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: any

Flow: from_server,established

Contents:

• Value: "PRIVMSG|20|"

Within:

PCRE: "/^PRIVMSG.*@(portscan|back|(tcp|udp|http)flood|tsunami|(de)?voice|reset|die|say|join|part|(de)?op)/mi"

Special Options:

source