ET MALWARE Zacom/NFlog Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedApril 16, 2015
UpdatedMarch 6, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Zacom/NFlog Checkin"; flow:established,to_server ; http.method; content:"POST"; nocase; http.uri; content:".asp?HostID="; fast_pattern; pcre:"/\?HostID=([A-F0-9]{2}(?:-|<>)){5}[A-F0-9]{2}$/" ; http.header; content:"Windows NT 5.0|3b 20|.NET CLR 1.1.4322|29 0d 0a|"; reference:md5,e397a68bf4fbb7a9b4d1b6da1fe2172b ; reference:url,researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/ ; classtype:command-and-control; sid:2020928; rev:6; metadata:created_at 2015_04_16, signature_severity Major, updated_at 2024_03_06;)
References
| md5 | e397a68bf4fbb7a9b4d1b6da1fe2172b |
| url | researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/ |
Metadata
created at2015_04_16
signature severityMajor
updated at2024_03_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!