"ET INFO Generic IOT Downloader Malware in GET (Inbound)"
SID: 2029012
Revision: 2
Class Type: bad-unknown
Metadata: affected_product Linux, attack_target IoT, created_at 2019_11_20, deployment Perimeter, signature_severity Minor, updated_at 2019_11_20
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: any
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "GET " Depth: 4
-
Value: "wget http"
-
Value: "|20 3b 20|chmod "
-
Value: "|20 3b 20|./"
Within: 100
PCRE:
Special Options:
- fast_pattern