# sid:2022119 rev:2 - tentative Nymaim.BA C2 check-in signature (the "?" in msg marks it as unconfirmed).
# Fires on an established, client-to-server HTTP POST from $HOME_NET to $EXTERNAL_NET when all of these hold:
#   - headers contain ".in\r\nUser-Agent: " (fast_pattern); presumably the end of a Host header
#     for a .in domain directly followed by User-Agent - confirm against a capture
#   - "Cache-Control: no-cache" and "Pragma: no-cache" are both present
#   - headers contain no "Accept" substring (so Accept-Encoding / Accept-Language also exclude the
#     request), no "Referer: " and no "Content-Type: "
#   - URI has no "/" after its first byte and no "." anywhere, and matches
#     /<alnum>?<alnum> with an optional "=<alnum, & or =>" tail (pcre /U, case-insensitive)
#   - request body (pcre /P) has a byte outside 0x20-0x7e/CR/LF within its first 21 bytes,
#     with only printable bytes before it
# NOTE(review): created_at is 2015_11_19 here, while the older snapshots on this page carry
# 2015_11_18 and the first snapshot is dated 2015-11-18. rev stays at 2 in every snapshot even
# though the metadata changes, so rev alone does not show that the rule text was touched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nymaim.BA CnC? M1"; flow:to_server,established; content:"POST"; http_method; content:".in|0d 0a|User-Agent|3a 20|"; http_header; fast_pattern; content:!"Accept"; http_header; content:!"Referer|3a 20|"; http_header; content:"Cache-Control|3a 20|no-cache"; http_header; content:"Pragma|3a 20|no-cache"; http_header; content:!"Content-Type|3a 20|"; http_header; content:!"/"; offset:1; http_uri; content:!"|2e|"; http_uri; pcre:"/^\/[a-z0-9]+\?[a-z0-9]+(?:=[a-z0-9&=]+)?$/Ui"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; reference:md5,3831e58cd22cc9bdf06f18f843cdfee9; reference:url,techhelplist.com/spam-list/974-intuit-browsers-update-malware; classtype:trojan-activity; sid:2022119; rev:2; metadata:created_at 2015_11_19, former_category MALWARE, updated_at 2020_06_09;)

Added 2021-09-21 20:00:26 UTC


# sid:2022119 rev:2 - historical snapshot of the tentative Nymaim.BA C2 check-in rule.
# Match logic: outbound HTTP POST with ".in\r\nUser-Agent: " in the headers, both no-cache
# headers present, no Accept* / Referer / Content-Type headers, a single-segment dot-free URI
# of the form /<alnum>?<alnum>[=...], and a non-printable byte early in the request body.
# In this snapshot former_category MALWARE sits inside the single trailing metadata keyword,
# between created_at 2015_11_18 and updated_at 2020_06_09.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nymaim.BA CnC? M1"; flow:to_server,established; content:"POST"; http_method; content:".in|0d 0a|User-Agent|3a 20|"; http_header; fast_pattern; content:!"Accept"; http_header; content:!"Referer|3a 20|"; http_header; content:"Cache-Control|3a 20|no-cache"; http_header; content:"Pragma|3a 20|no-cache"; http_header; content:!"Content-Type|3a 20|"; http_header; content:!"/"; offset:1; http_uri; content:!"|2e|"; http_uri; pcre:"/^\/[a-z0-9]+\?[a-z0-9]+(?:=[a-z0-9&=]+)?$/Ui"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; reference:md5,3831e58cd22cc9bdf06f18f843cdfee9; reference:url,techhelplist.com/spam-list/974-intuit-browsers-update-malware; classtype:trojan-activity; sid:2022119; rev:2; metadata:created_at 2015_11_18, former_category MALWARE, updated_at 2020_06_09;)

Added 2020-08-05 19:11:51 UTC


# sid:2022119 rev:2 - historical snapshot of the tentative Nymaim.BA C2 check-in rule.
# Match logic: outbound HTTP POST with ".in\r\nUser-Agent: " in the headers, both no-cache
# headers present, no Accept* / Referer / Content-Type headers, a single-segment dot-free URI
# of the form /<alnum>?<alnum>[=...], and a non-printable byte early in the request body.
# This snapshot carries two metadata keywords: "former_category MALWARE" on its own before the
# references, and created_at/updated_at at the end; updated_at is 2020_06_09 while rev is still 2.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nymaim.BA CnC? M1"; flow:to_server,established; content:"POST"; http_method; content:".in|0d 0a|User-Agent|3a 20|"; http_header; fast_pattern; content:!"Accept"; http_header; content:!"Referer|3a 20|"; http_header; content:"Cache-Control|3a 20|no-cache"; http_header; content:"Pragma|3a 20|no-cache"; http_header; content:!"Content-Type|3a 20|"; http_header; content:!"/"; offset:1; http_uri; content:!"|2e|"; http_uri; pcre:"/^\/[a-z0-9]+\?[a-z0-9]+(?:=[a-z0-9&=]+)?$/Ui"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; metadata: former_category MALWARE; reference:md5,3831e58cd22cc9bdf06f18f843cdfee9; reference:url,techhelplist.com/spam-list/974-intuit-browsers-update-malware; classtype:trojan-activity; sid:2022119; rev:2; metadata:created_at 2015_11_18, updated_at 2020_06_09;)

Added 2020-06-09 18:00:56 UTC


# sid:2022119 rev:2 - historical snapshot of the tentative Nymaim.BA C2 check-in rule.
# Match logic: outbound HTTP POST with ".in\r\nUser-Agent: " in the headers, both no-cache
# headers present, no Accept* / Referer / Content-Type headers, a single-segment dot-free URI
# of the form /<alnum>?<alnum>[=...], and a non-printable byte early in the request body.
# This snapshot has a separate "metadata: former_category MALWARE" keyword before the references;
# updated_at is still 2015_11_18 despite that addition.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nymaim.BA CnC? M1"; flow:to_server,established; content:"POST"; http_method; content:".in|0d 0a|User-Agent|3a 20|"; http_header; fast_pattern; content:!"Accept"; http_header; content:!"Referer|3a 20|"; http_header; content:"Cache-Control|3a 20|no-cache"; http_header; content:"Pragma|3a 20|no-cache"; http_header; content:!"Content-Type|3a 20|"; http_header; content:!"/"; offset:1; http_uri; content:!"|2e|"; http_uri; pcre:"/^\/[a-z0-9]+\?[a-z0-9]+(?:=[a-z0-9&=]+)?$/Ui"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; metadata: former_category MALWARE; reference:md5,3831e58cd22cc9bdf06f18f843cdfee9; reference:url,techhelplist.com/spam-list/974-intuit-browsers-update-malware; classtype:trojan-activity; sid:2022119; rev:2; metadata:created_at 2015_11_18, updated_at 2015_11_18;)

Added 2019-09-19 19:26:32 UTC


# sid:2022119 rev:2 - historical snapshot of the tentative Nymaim.BA C2 check-in rule.
# Match logic: outbound HTTP POST with ".in\r\nUser-Agent: " in the headers, both no-cache
# headers present, no Accept* / Referer / Content-Type headers, a single-segment dot-free URI
# of the form /<alnum>?<alnum>[=...], and a non-printable byte early in the request body.
# Metadata here is limited to created_at/updated_at (both 2015_11_18); no former_category.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nymaim.BA CnC? M1"; flow:to_server,established; content:"POST"; http_method; content:".in|0d 0a|User-Agent|3a 20|"; http_header; fast_pattern; content:!"Accept"; http_header; content:!"Referer|3a 20|"; http_header; content:"Cache-Control|3a 20|no-cache"; http_header; content:"Pragma|3a 20|no-cache"; http_header; content:!"Content-Type|3a 20|"; http_header; content:!"/"; offset:1; http_uri; content:!"|2e|"; http_uri; pcre:"/^\/[a-z0-9]+\?[a-z0-9]+(?:=[a-z0-9&=]+)?$/Ui"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; reference:md5,3831e58cd22cc9bdf06f18f843cdfee9; reference:url,techhelplist.com/spam-list/974-intuit-browsers-update-malware; classtype:trojan-activity; sid:2022119; rev:2; metadata:created_at 2015_11_18, updated_at 2015_11_18;)

Added 2018-09-13 19:51:57 UTC


Added 2018-09-13 18:00:32 UTC


# sid:2022119 rev:2 - historical snapshot of the tentative Nymaim.BA C2 check-in rule.
# Match logic: outbound HTTP POST with ".in\r\nUser-Agent: " in the headers, both no-cache
# headers present, no Accept* / Referer / Content-Type headers, a single-segment dot-free URI
# of the form /<alnum>?<alnum>[=...], and a non-printable byte early in the request body.
# This snapshot includes a metadata keyword with created_at/updated_at, both 2015_11_18.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nymaim.BA CnC? M1"; flow:to_server,established; content:"POST"; http_method; content:".in|0d 0a|User-Agent|3a 20|"; http_header; fast_pattern; content:!"Accept"; http_header; content:!"Referer|3a 20|"; http_header; content:"Cache-Control|3a 20|no-cache"; http_header; content:"Pragma|3a 20|no-cache"; http_header; content:!"Content-Type|3a 20|"; http_header; content:!"/"; offset:1; http_uri; content:!"|2e|"; http_uri; pcre:"/^\/[a-z0-9]+\?[a-z0-9]+(?:=[a-z0-9&=]+)?$/Ui"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; reference:md5,3831e58cd22cc9bdf06f18f843cdfee9; reference:url,techhelplist.com/spam-list/974-intuit-browsers-update-malware; classtype:trojan-activity; sid:2022119; rev:2; metadata:created_at 2015_11_18, updated_at 2015_11_18;)

Added 2017-08-07 21:16:56 UTC


# sid:2022119 rev:2 - historical snapshot of the tentative Nymaim.BA C2 check-in rule.
# Match logic: outbound HTTP POST with ".in\r\nUser-Agent: " in the headers, both no-cache
# headers present, no Accept* / Referer / Content-Type headers, a single-segment dot-free URI
# of the form /<alnum>?<alnum>[=...], and a non-printable byte early in the request body.
# This snapshot has no metadata keyword at all; the rule ends at rev:2.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nymaim.BA CnC? M1"; flow:to_server,established; content:"POST"; http_method; content:".in|0d 0a|User-Agent|3a 20|"; http_header; fast_pattern; content:!"Accept"; http_header; content:!"Referer|3a 20|"; http_header; content:"Cache-Control|3a 20|no-cache"; http_header; content:"Pragma|3a 20|no-cache"; http_header; content:!"Content-Type|3a 20|"; http_header; content:!"/"; offset:1; http_uri; content:!"|2e|"; http_uri; pcre:"/^\/[a-z0-9]+\?[a-z0-9]+(?:=[a-z0-9&=]+)?$/Ui"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; reference:md5,3831e58cd22cc9bdf06f18f843cdfee9; reference:url,techhelplist.com/spam-list/974-intuit-browsers-update-malware; classtype:trojan-activity; sid:2022119; rev:2;)

Added 2015-11-18 18:33:11 UTC

