ET MALWARE JS/Nemucod requesting EXE payload 2016-01-28

SID: 2022483Rev: 70 views
History
Sourceet/open
CreatedFebruary 3, 2016
UpdatedAugust 18, 2020
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE JS/Nemucod requesting EXE payload 2016-01-28"; flow:to_server,established; urilen:>82; flowbits:set,ET.nemucod.exerequest; http.method; content:"GET"; http.uri; content:"/counter/?id="; nocase; content:"&rnd="; nocase; pcre:"/\/counter\/\?id=[A-Z0-9_-]{60,}&rnd=\d{1,}$/i"; http.header_names; content:!"Referer"; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/; reference:md5,d5c5cc9cae2e9a7a2d3a77efcb526e4c; classtype:trojan-activity; sid:2022483; rev:7; metadata:created_at 2016_02_03, malware_family JS_Nemucod, signature_severity Major, updated_at 2020_08_18;)

References

urlcertego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/
md5
d5c5cc9cae2e9a7a2d3a77efcb526e4c
Google SearchBrave Search

Metadata

created at2016_02_03
malware familyJS_Nemucod
signature severityMajor
updated at2020_08_18

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!