ET MALWARE Possible Win32/Napolar.A URL Response

SID: 2017367Rev: 30 views
History
Sourceet/open
CreatedAugust 22, 2013
UpdatedApril 24, 2020
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible Win32/Napolar.A URL Response"; flow:from_server,established; http.stat_code; content:"200"; file.data; content:"!http|3a|//"; within:8; pcre:"/^[^\r\n]+?\$$/R"; reference:md5,9a8cee88d7440f25be8404b71cb584de; reference:md5,b70f8d0afa82c222f55f7a18d2ad0b81; classtype:trojan-activity; sid:2017367; rev:3; metadata:created_at 2013_08_22, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_24;)

References

md5
9a8cee88d7440f25be8404b71cb584de
Google SearchBrave Search
md5
b70f8d0afa82c222f55f7a18d2ad0b81
Google SearchBrave Search

Metadata

created at2013_08_22
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2020_04_24

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!