alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Suspicious Email Attachment Possibly Related to Mydoom.L@mm"; flow:to_server,established; content:"Subject|3a 20|"; nocase; content:"mail"; nocase; within:34; content:"name|3d 22|"; pcre:"/name\x3d\x22(message|letter|.*lebanon\x2donline\x2ecom\x2elb)?\x2ezip\x22\x0d\x0a/"; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2004-071915-0829-99&tabid=2; reference:url,www.threatexpert.com/report.aspx?md5=28110a8ea5c13859ddf026db5a8a864a; classtype:trojan-activity; sid:2012932; rev:7;)

Added 2014-09-12 16:28:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET CURRENT_EVENTS Suspicious Email Attachment Possibly Related to Mydoom.L@mm"; flow:to_server,established; content:"Subject|3a 20|"; nocase; content:"mail"; nocase; within:34; content:"name|3d 22|"; pcre:"/name\x3d\x22(message|letter|.*lebanon\x2donline\x2ecom\x2elb)?\x2ezip\x22\x0d\x0a/"; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2004-071915-0829-99&tabid=2; reference:url,www.threatexpert.com/report.aspx?md5=28110a8ea5c13859ddf026db5a8a864a; classtype:trojan-activity; sid:2012932; rev:6;)

Added 2011-10-12 19:35:34 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET CURRENT_EVENTS Suspicious Email Attachment Possibly Related to Mydoom.L@mm"; flow:to_server,established; content:"Subject|3a 20|"; nocase; content:"mail"; nocase; within:34; content:"name|3d 22|"; pcre:"/name\x3d\x22(message|letter|.*lebanon\x2donline\x2ecom\x2elb)?\x2ezip\x22\x0d\x0a/"; classtype:trojan-activity; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2004-071915-0829-99&tabid=2; reference:url,www.threatexpert.com/report.aspx?md5=28110a8ea5c13859ddf026db5a8a864a; sid:2012932; rev:6;)

Added 2011-06-06 18:57:27 UTC


Topic revision: r1 - 2014-09-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats