"ET INFO Generic IOT Downloader Malware in GET (Outbound)"
SID: 2029010
Revision: 2
Class Type: bad-unknown
Metadata: affected_product Linux, attack_target IoT, created_at 2019_11_20, deployment Perimeter, signature_severity Major, updated_at 2019_11_20
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "GET " Depth: 4
-
Value: "wget http"
-
Value: "|20 3b 20|chmod "
-
Value: "|20 3b 20|./"
Within: 100
PCRE:
Special Options:
- fast_pattern