ET MALWARE Possible Win32/Napolar.A URL Response
Sourceet/open
Fileemerging-malware.rules
CreatedAugust 22, 2013
UpdatedMarch 6, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible Win32/Napolar.A URL Response"; flow:established,to_client ; http.stat_code; content:"200"; file.data; content:"!http|3a|//"; within:8; pcre:"/^[^\r\n]+?\$$/R"; reference:md5,9a8cee88d7440f25be8404b71cb584de ; reference:md5,b70f8d0afa82c222f55f7a18d2ad0b81 ; classtype:trojan-activity; sid:2017367; rev:4; metadata:created_at 2013_08_22, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06;)
References
| md5 | 9a8cee88d7440f25be8404b71cb584de |
| md5 | b70f8d0afa82c222f55f7a18d2ad0b81 |
Metadata
created at2013_08_22
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!