ET MALWARE JS/Nemucod requesting EXE payload 2015-12-01
Sourceet/open
Fileemerging-malware.rules
CreatedDecember 2, 2015
UpdatedApril 28, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE JS/Nemucod requesting EXE payload 2015-12-01"; flow:established,to_server ; flowbits:set,ET.nemucod.exerequest ; http.method; content:"GET"; http.uri; content:".exe?"; fast_pattern; nocase; pcre:"/\/[0-9]{2}\.exe\?[0-9]$/i"; http.user_agent; content:!"BlueCoat"; startswith; nocase; content:"MSIE 7.0"; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; nocase; reference:url,www.certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/ ; reference:md5,77290f994d05ad0add5768c9c040dc55 ; classtype:trojan-activity; sid:2022207; rev:8; metadata:created_at 2015_12_02, malware_family JS_Nemucod, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_28;)
References
| url | www.certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/ |
| md5 | 77290f994d05ad0add5768c9c040dc55 |
Metadata
created at2015_12_02
malware familyJS_Nemucod
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_28
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!