Versions (3)
Version DetailsCurrent
Rev: 4 • Feb 16, 2012, 12:00 PMET MALWARE NfLog Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE NfLog Checkin"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/Nfile.asp"; fast_pattern; http.content_len; bsize:1; content:"7"; http.request_body; content:"GetFile"; startswith; reference:url,contagiodump.blogspot.com/2012/02/feb-9-cve-2011-1980-msoffice-dll.html; classtype:command-and-control; sid:2014229; rev:4; metadata:created_at 2012_02_16, signature_severity Major, updated_at 2024_02_20;)
Feb 16, 2012, 12:00 PM
Feb 20, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules