Versions (3)
Version Details (Current)
Rev: 11 • Apr 16, 2013, 12:00 PM
ET MALWARE W32/Nymaim Checkin M2
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Nymaim Checkin M2"; flow:to_server,established; http.method; content:"POST"; http.content_type; content:"application/x-www-form-urlencoded"; nocase; bsize:33; http.user_agent; content:"|20|MSIE|20|"; http.request_body; content:"filename="; depth:9; fast_pattern; content:"&data="; distance:0; pcre:"/^filename=[a-z]+?\.[a-z]+?&data=/"; http.header_names; content:!"Referer"; classtype:command-and-control; sid:2016757; rev:11; metadata:created_at 2013_04_16, signature_severity Major, updated_at 2022_10_20;)
Apr 16, 2013, 12:00 PM
Oct 20, 2022, 12:00 PM
Apr 16, 2013, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules