DDoSTF

rule DDosTf : DDoS
{
  meta:
    author = "benkow_ - MalwareMustDie"
    description = "ELF.DDosTf"
  strings:
    $st0 = "ddos.tf"
    $st1 = {E8 AE BE E7 BD AE 54 43  50 5F 4B 45 45 50 49 4E 54 56 4C E9 94 99 E8 AF AF EF BC 9A 00} /*TCP_KEEPINTVL*/
    $st2 = {E8 AE BE E7 BD AE 54 43  50 5F 4B 45 45 50 43 4E 54 E9 94 99 E8 AF AF EF BC 9A 00} /*TCP_KEEPCNT*/
    $st3 = "Accept-Language: zh"
	$st4 = "%d Kb/bps|%d%%"

  condition:
    all of them
}