ET MALWARE Nexcorium Payload Retrieval Attempt

SID: 2069031Rev: 10 views
Sourceet/open
CreatedApril 28, 2026
UpdatedApril 28, 2026
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Nexcorium Payload Retrieval Attempt"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"nexuscorp|2e|"; fast_pattern; pcre:"/^(?:arm(?:5|6|7)?|mips|mpsl|x86)$/R"; reference:url,www.fortinet.com/blog/threat-research/tracking-mirai-variant-nexcorium-a-vulnerability-driven-iot-botnet-campaign; classtype:trojan-activity; sid:2069031; rev:1; metadata:affected_product IoT, attack_target Networking_Equipment, tls_state plaintext, created_at 2026_04_28, deployment Perimeter, malware_family Nexcorium, performance_impact Low, confidence High, signature_severity Major, updated_at 2026_04_28; target:src_ip;)

References

urlwww.fortinet.com/blog/threat-research/tracking-mirai-variant-nexcorium-a-vulnerability-driven-iot-botnet-campaign

Metadata

affected productIoT
attack targetNetworking_Equipment
tls stateplaintext
created at2026_04_28
deploymentPerimeter
malware familyNexcorium
performance impactLow
confidenceHigh
signature severityMajor
updated at2026_04_28

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!