Versions (4)
Version DetailsCurrent
Rev: 7 • May 17, 2012, 12:00 PMET MALWARE W32/Mepaow.Backdoor Initial Checkin to Intermediary Pre-CnC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Mepaow.Backdoor Initial Checkin to Intermediary Pre-CnC"; flow:established,to_server; http.uri; content:"/PostView.nhn?blogId="; fast_pattern; content:"&logNo="; content:"&parentCategoryNo="; content:"&userTopListOpen="; content:"&userTopListManageOpen="; http.user_agent; content:"Mozilla/4.0 (compatible|3b 20|Win32|3b 20|WinHttp.WinHttpRequest.5)"; bsize:57; reference:url,home.mcafee.com/virusinfo/virusprofile.aspx?key=1072862; reference:md5,8af17164500aac1c0965b842aca3fed7; classtype:command-and-control; sid:2014754; rev:7; metadata:created_at 2012_05_17, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_21;)
May 17, 2012, 12:00 PM
Apr 21, 2020, 12:00 PM
May 17, 2012, 12:00 PM
Sep 30, 2025, 9:36 PM
rules/emerging-malware.rules