ET MALWARE Win32/Vundo.OD Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedDecember 17, 2011
UpdatedApril 28, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Vundo.OD Checkin"; flow:established,to_server ; http.uri; content:"/get.php?"; pcre:"/^(?:id|key)=/Ri" ; content:"id="; content:"key="; content:"&os="; content:"&av="; content:"&vm="; content:"&al="; content:"&p="; content:"&z="; http.header_names; to_lowercase; content:!"|0d 0a|user-agent|0d 0a|"; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FVundo.OD ; reference:md5,8840a0d9d7f4dba3953ccb68b17b2d6c ; classtype:command-and-control; sid:2016424; rev:8; metadata:created_at 2011_12_17, malware_family Win32_Vundo_OD, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_28;)
References
| url | www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FVundo.OD |
| md5 | 8840a0d9d7f4dba3953ccb68b17b2d6c |
Metadata
created at2011_12_17
malware familyWin32_Vundo_OD
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_28
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!