DDoS:Linux/Flooder.SB!xp is a Linux-based UDP flooder designed to launch Denial of Service (DoS) attacks by sending large volumes of packets to a target, aiming to disrupt its network services. This specific variant is identified by concrete strings related to its operational messages, usage instructions, and a specific version string, indicating a confirmed malware detection.
rule DDoS_Linux_Flooder_SB_2147808336_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "DDoS:Linux/Flooder.SB!xp"
        threat_id = "2147808336"
        type = "DDoS"
        platform = "Linux: Linux platform"
        family = "Flooder"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "4"
        strings_accuracy = "High"

    strings:
        $x_2_1 = "Starting Flood..." ascii //weight: 2
        $x_2_2 = "Opening sockets..." ascii //weight: 2
        $x_2_3 = "Sending attack..." ascii //weight: 2
        $x_2_4 = "Setting up Sockets..." ascii //weight: 2
        $x_2_5 = "Usage: %s <target" ascii //weight: 2
        $x_2_6 = "Usage: %s <IP> <threads>" ascii //weight: 2
        $x_2_7 = ":: sending all the packets.." ascii //weight: 2
        $x_2_8 = ":: cant open raw socket. got root" ascii //weight: 2
        $x_2_9 = ":: motherfucking error." ascii //weight: 2
        $x_2_10 = "Flooding %s" ascii //weight: 2
        $x_2_11 = "UDP Flooder v1.2.8 FINAL by ohnoes1479" ascii //weight: 2
        $x_2_12 = "Sending packets.." ascii //weight: 2
        $x_2_13 = "Opening threads..." ascii //weight: 2
        $x_2_14 = "Usage: %s [IP]" ascii //weight: 2

    condition:
        (filesize < 20MB) and
        (2 of ($x*))
}

74d57c2812f54b076fa92735b289ecbf924ccb8719b0594cb7ee6c4674e48d48

Immediately isolate the compromised Linux system so it cannot take part in further attack traffic. Remove the detected malware files and conduct a thorough forensic analysis to identify the initial compromise vector. Implement strong access controls, ensure all systems are patched, and configure network security measures such as ingress/egress filtering and rate limiting.
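To make the rule's threshold arithmetic concrete, here is an added Python emulation of its weighted-string scoring run over constructed byte blobs; this is illustrative code, not threatcheck.sh's own tooling. The strings and weights are copied from the rule, the threshold of 4 comes from its meta block, and the ELF-magic check is an assumption standing in for the ELFHSTR signature type.

```python
# Added example, not code from threatcheck.sh: a pure-Python emulation of the
# weighted-string scoring in DDoS_Linux_Flooder_SB_2147808336_0 so the
# threshold logic can be checked without a YARA engine.
from typing import Dict, List, Tuple

THRESHOLD = 4                 # meta: threshold = "4"
MAX_SIZE = 20 * 1024 * 1024   # condition: filesize < 20MB
ELF_MAGIC = b"\x7fELF"        # assumption: ELFHSTR signatures apply to ELF files only

# (identifier, string, weight) copied from the rule's strings section
RULE_STRINGS: List[Tuple[str, bytes, int]] = [
    ("$x_2_1", b"Starting Flood...", 2),
    ("$x_2_2", b"Opening sockets...", 2),
    ("$x_2_3", b"Sending attack...", 2),
    ("$x_2_4", b"Setting up Sockets...", 2),
    ("$x_2_5", b"Usage: %s <target", 2),
    ("$x_2_6", b"Usage: %s <IP> <threads>", 2),
    ("$x_2_7", b":: sending all the packets..", 2),
    ("$x_2_8", b":: cant open raw socket. got root", 2),
    ("$x_2_9", b":: motherfucking error.", 2),
    ("$x_2_10", b"Flooding %s", 2),
    ("$x_2_11", b"UDP Flooder v1.2.8 FINAL by ohnoes1479", 2),
    ("$x_2_12", b"Sending packets..", 2),
    ("$x_2_13", b"Opening threads...", 2),
    ("$x_2_14", b"Usage: %s [IP]", 2),
]


def score(sample: bytes) -> Dict[str, object]:
    """Return matched identifiers, summed weight and the verdict for one blob."""
    matched = [ident for ident, needle, _ in RULE_STRINGS if needle in sample]
    weight = sum(w for ident, _, w in RULE_STRINGS if ident in matched)
    detected = (
        sample.startswith(ELF_MAGIC)
        and len(sample) < MAX_SIZE
        and weight >= THRESHOLD      # equivalent to "2 of ($x*)" at weight 2 each
    )
    return {"matched": matched, "weight": weight, "detected": detected}


# Constructed samples (not real binaries): ELF magic plus a few NUL-separated
# strings standing in for a flooder's .rodata section.
HIT = ELF_MAGIC + b"\0" * 12 + b"Opening sockets...\0Usage: %s <IP> <threads>\0"
ONE_STRING = ELF_MAGIC + b"\0" * 12 + b"Starting Flood...\0hello world\0"
NOT_ELF = b"#!/bin/sh\necho 'Starting Flood...'\necho 'Flooding %s'\n"

if __name__ == "__main__":
    for name, blob in (("HIT", HIT), ("ONE_STRING", ONE_STRING), ("NOT_ELF", NOT_ELF)):
        print(name, score(blob))
```

NOT_ELF shows why the signature type matters: a shell script echoing two of the strings reaches the weight threshold but is not an ELF file, so a hunt that ignores file type would over-match.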