ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01

SID: 2022482Rev: 60 views
History
Sourceet/open
CreatedFebruary 3, 2016
UpdatedApril 22, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01"; flow:established,to_server; flowbits:set,ET.nemucod.exerequest; http.method; content:"GET"; http.uri; content:".exe"; endswith; nocase; pcre:"/\/[0-9]{2}\.exe$/i"; http.header_names; content:!"Referer"; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/; reference:md5,8bdc81393a4fcfaf6d1b8dc01486f2f0; classtype:trojan-activity; sid:2022482; rev:6; metadata:created_at 2016_02_03, malware_family JS_Nemucod, performance_impact Moderate, signature_severity Major, updated_at 2024_04_22;)

References

urlcertego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/
md5
8bdc81393a4fcfaf6d1b8dc01486f2f0
Google SearchBrave Search

Metadata

created at2016_02_03
malware familyJS_Nemucod
performance impactModerate
signature severityMajor
updated at2024_04_22

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!