Versions (3)
Version DetailsCurrent
Rev: 7 • Feb 3, 2016, 12:00 PMET MALWARE JS/Nemucod requesting EXE payload 2016-01-28
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE JS/Nemucod requesting EXE payload 2016-01-28"; flow:to_server,established; urilen:>82; flowbits:set,ET.nemucod.exerequest; http.method; content:"GET"; http.uri; content:"/counter/?id="; nocase; content:"&rnd="; nocase; pcre:"/\/counter\/\?id=[A-Z0-9_-]{60,}&rnd=\d{1,}$/i"; http.header_names; content:!"Referer"; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/; reference:md5,d5c5cc9cae2e9a7a2d3a77efcb526e4c; classtype:trojan-activity; sid:2022483; rev:7; metadata:created_at 2016_02_03, malware_family JS_Nemucod, signature_severity Major, updated_at 2020_08_18;)
Feb 3, 2016, 12:00 PM
Aug 18, 2020, 12:00 PM
Feb 3, 2016, 12:00 PM
Sep 16, 2024, 11:00 PM
rules/emerging-malware.rules