ET MALWARE JS/Nemucod requesting EXE payload 2016-03-31
Sourceet/open
Fileemerging-malware.rules
CreatedMarch 31, 2016
UpdatedApril 20, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE JS/Nemucod requesting EXE payload 2016-03-31"; flow:established,to_server ; flowbits:set,ET.nemucod.exerequest ; http.method; content:"GET"; http.uri; content:"/counter/?ad="; nocase; content:"="; distance:0; pcre:"/=\d+$/"; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/ ; reference:md5,c5ad81d8d986c92f90d0462bc06ac9c6 ; classtype:trojan-activity; sid:2022692; rev:5; metadata:created_at 2016_03_31, malware_family JS_Nemucod, signature_severity Major, updated_at 2024_04_20;)
References
| url | certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/ |
| md5 | c5ad81d8d986c92f90d0462bc06ac9c6 |
Metadata
created at2016_03_31
malware familyJS_Nemucod
signature severityMajor
updated at2024_04_20
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!