# sid 2022482 rev 3 (snapshot added 2021-09-21). Alerts on an outbound HTTP GET whose normalized
# URI ends in "/NN.exe" (exactly two digits before ".exe") and which carries no Referer header name.
#   - content:".exe" + isdataat:!1,relative: nothing may follow ".exe" in the http_uri buffer.
#   - pcre /\/[0-9]{2}\.exe$/iU: the U flag runs the regex against the normalized URI.
#   - http_header_names; content:!"Referer": negated match on the header-name buffer.
#     NOTE(review): no nocase follows this content, so it looks case-sensitive; confirm.
#   - flowbits:set,ET.nemucod.exerequest: marks the flow; presumably read by rules not shown here.
# Triage: the match is on URI shape only and the response is not inspected, so confirm with the
# server response and host telemetry before treating a hit as an infection. There is no
# flowbits:noalert, so the rule alerts on its own. Only traffic parsed as HTTP is examined.
# created_at here is 2016_02_03; the other snapshots on this page show 2016_02_02.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01"; flow:established,to_server; content:"GET"; http_method; content:".exe"; http_uri; isdataat:!1,relative; nocase; pcre:"/\/[0-9]{2}\.exe$/iU"; http_header_names; content:!"Referer"; flowbits:set,ET.nemucod.exerequest; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/; reference:md5,8bdc81393a4fcfaf6d1b8dc01486f2f0; classtype:trojan-activity; sid:2022482; rev:3; metadata:created_at 2016_02_03, updated_at 2020_09_15;)

Added 2021-09-21 20:00:31 UTC


# sid 2022482 rev 3 (snapshot added 2020-09-15). Detection options are the same as in the
# 2021-09-21 snapshot; only metadata created_at differs (2016_02_02 here).
# Matches: established client-to-server flow, method GET, normalized URI ending in a two-digit
# file name plus ".exe" (content + isdataat:!1,relative, then the /iU pcre), and no "Referer" in
# the http_header_names buffer. Sets flowbit ET.nemucod.exerequest on a match.
# Triage: this is a generic URI-shape signature, so any Referer-less download of /NN.exe will fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01"; flow:established,to_server; content:"GET"; http_method; content:".exe"; http_uri; isdataat:!1,relative; nocase; pcre:"/\/[0-9]{2}\.exe$/iU"; http_header_names; content:!"Referer"; flowbits:set,ET.nemucod.exerequest; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/; reference:md5,8bdc81393a4fcfaf6d1b8dc01486f2f0; classtype:trojan-activity; sid:2022482; rev:3; metadata:created_at 2016_02_02, updated_at 2020_09_15;)

Added 2020-09-15 18:38:41 UTC


# sid 2022482 rev 3 (snapshot added 2019-10-01 08:28 UTC), metadata updated_at 2019_09_28.
# Fires on a GET from $HOME_NET to $EXTERNAL_NET whose normalized URI ends in "/" + two digits +
# ".exe" and whose request header names do not include "Referer"; sets ET.nemucod.exerequest.
# The rule text is identical to the 04:22 UTC snapshot of the same day further down this page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01"; flow:established,to_server; content:"GET"; http_method; content:".exe"; http_uri; isdataat:!1,relative; nocase; pcre:"/\/[0-9]{2}\.exe$/iU"; http_header_names; content:!"Referer"; flowbits:set,ET.nemucod.exerequest; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/; reference:md5,8bdc81393a4fcfaf6d1b8dc01486f2f0; classtype:trojan-activity; sid:2022482; rev:3; metadata:created_at 2016_02_02, updated_at 2019_09_28;)

Added 2019-10-01 08:28:29 UTC


# sid 2022482 rev 3 (snapshot added 2019-10-01 04:22 UTC), metadata updated_at 2019_09_28.
# Same conditions as the other rev 3 snapshots: GET, URI anchored to end in a two-digit ".exe"
# name (isdataat:!1,relative plus the $-anchored /iU pcre), and a negated "Referer" match in
# http_header_names. The md5 reference identifies a sample; it is not matched on the wire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01"; flow:established,to_server; content:"GET"; http_method; content:".exe"; http_uri; isdataat:!1,relative; nocase; pcre:"/\/[0-9]{2}\.exe$/iU"; http_header_names; content:!"Referer"; flowbits:set,ET.nemucod.exerequest; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/; reference:md5,8bdc81393a4fcfaf6d1b8dc01486f2f0; classtype:trojan-activity; sid:2022482; rev:3; metadata:created_at 2016_02_02, updated_at 2016_02_02;)

Added 2019-10-01 04:22:54 UTC


# sid 2022482 rev 3 (snapshot added 2018-09-13). Earliest rev 3 text on this page: compared with
# the rev 2 entries below, the Referer test uses the http_header_names sticky buffer instead of
# http_header, and isdataat:!1,relative is added after the ".exe" URI content.
# updated_at still reads 2016_02_02 in this snapshot although the rule is marked rev:3.
# Triage: the signature keys on a Referer-less GET for /NN.exe and nothing family-specific, so
# corroborate a hit with the response body and endpoint evidence.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01"; flow:established,to_server; content:"GET"; http_method; content:".exe"; http_uri; isdataat:!1,relative; nocase; pcre:"/\/[0-9]{2}\.exe$/iU"; http_header_names; content:!"Referer"; flowbits:set,ET.nemucod.exerequest; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/; reference:md5,8bdc81393a4fcfaf6d1b8dc01486f2f0; classtype:trojan-activity; sid:2022482; rev:3; metadata:created_at 2016_02_02, updated_at 2016_02_02;)

Added 2018-09-13 19:52:16 UTC


Added 2018-09-13 18:00:44 UTC


# sid 2022482 rev 2 (snapshot added 2017-08-07), now carrying created_at/updated_at metadata.
#   - content:".exe"; http_uri; nocase: ".exe" anywhere in the normalized URI, any case; the
#     end-of-URI anchoring comes only from the pcre /\/[0-9]{2}\.exe$/iU.
#   - content:!"Referer|3a| "; nocase; http_header: no "Referer: " (|3a| is ':') in the header
#     buffer, compared case-insensitively.
#   - flowbits:set,ET.nemucod.exerequest: marks the flow; presumably read by rules not shown here.
# Triage: matches the request shape only, so expect hits on any Referer-less GET for /NN.exe.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01"; flow:to_server,established; content:"GET"; http_method; content:".exe"; http_uri; nocase; content:!"Referer|3a| "; nocase; http_header; pcre:"/\/[0-9]{2}\.exe$/iU"; flowbits:set,ET.nemucod.exerequest; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/; reference:md5,8bdc81393a4fcfaf6d1b8dc01486f2f0; classtype:trojan-activity; sid:2022482; rev:2;)

Added 2017-08-07 21:17:23 UTC


# sid 2022482 rev 2 (snapshot added 2016-02-02), the oldest entry on this page; no metadata field.
# Alerts on an established client-to-server HTTP GET whose normalized URI ends in "/" + two
# digits + ".exe" (pcre with the U flag) and whose headers contain no "Referer: " string
# (case-insensitive, http_header buffer). Sets flowbit ET.nemucod.exerequest on a match.
# The rule has no flowbits:noalert, so it raises an alert itself in addition to setting the bit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01"; flow:to_server,established; content:"GET"; http_method; content:".exe"; http_uri; nocase; content:!"Referer|3a| "; nocase; http_header; pcre:"/\/[0-9]{2}\.exe$/iU"; flowbits:set,ET.nemucod.exerequest; reference:url,certego.net/en/news/italian-spam-campaigns-using-js-nemucod-downloader/; reference:md5,8bdc81393a4fcfaf6d1b8dc01486f2f0; classtype:trojan-activity; sid:2022482; rev:2;)

Added 2016-02-02 17:29:34 UTC


