Versions (4)
Version DetailsCurrent
Rev: 3 • Aug 22, 2013, 12:00 PMET MALWARE Possible Win32/Napolar.A URL Response
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible Win32/Napolar.A URL Response"; flow:from_server,established; http.stat_code; content:"200"; file.data; content:"!http|3a|//"; within:8; pcre:"/^[^\r\n]+?\$$/R"; reference:md5,9a8cee88d7440f25be8404b71cb584de; reference:md5,b70f8d0afa82c222f55f7a18d2ad0b81; classtype:trojan-activity; sid:2017367; rev:3; metadata:created_at 2013_08_22, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_24;)
Aug 22, 2013, 12:00 PM
Apr 24, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 10, 2025, 11:34 PM
rules/emerging-malware.rules