# sid:2017889 - informational heuristic: a base64-encoded ZIP attachment seen over
# SMTP whose encoded bytes contain ".scr" (per the msg, treated as an executable).
# - content: CRLF CRLF followed immediately by "UEsDB", the start of the base64
#   form of the ZIP local-file signature "PK\x03\x04"; i.e. the archive begins
#   directly after a blank line (presumably the end of the MIME part headers).
# - pcre with /R starts where the content match ended: a lazy run of base64
#   characters and CR/LF, then ".scr" as encoded at each of the three base64
#   byte alignments.
# - "LnNjc?" makes the character carrying the "r" optional, so that alternative
#   also fires on any name containing ".sc" at that alignment.
# - NOTE(review): the leading "E" and "S" of the other two alternatives also encode
#   bits of the byte before the dot, so those alignments are only partly covered;
#   do not treat this rule as complete coverage for .scr inside ZIP.
# - NOTE(review): the match is not tied to the ZIP filename field and can land
#   anywhere later in the same base64 run, so confirm an alert by decoding the
#   attachment and listing the archive members.
# - Unlike the older copies on this page, this one carries
#   "metadata: former_category INFO"; rev is still 2.
alert smtp $EXTERNAL_NET any -> $SMTP_SERVERS any (msg:"ET INFO SUSPICIOUS SMTP EXE - ZIP file with .scr filename inside"; flow:established; content:"|0D 0A 0D 0A|UEsDB"; pcre:"/^[A-Za-z0-9\/\+\x0D\x0A]+?(LnNjc?|Euc2Ny|S5zY3)/R"; metadata: former_category INFO; classtype:bad-unknown; sid:2017889; rev:2; metadata:created_at 2013_12_19, updated_at 2013_12_19;)

Added 2019-10-09 19:08:51 UTC


# sid:2017889 without the former_category metadata key.
# Scope: app-layer "smtp" from $EXTERNAL_NET to $SMTP_SERVERS on any port.
#   flow:established carries no to_server keyword, so direction is decided only by
#   the address variables; both must be set correctly for the rule to see inbound mail.
# Detection: "UEsDB" (base64 of the ZIP signature "PK\x03\x04") right after a blank
#   line, then a relative pcre looking for base64 renderings of ".scr" further on
#   in the same run of base64 characters and line breaks.
# Triage: classtype is bad-unknown and the category is INFO, so treat a hit as a
#   lead. Decode the attachment and check the archive listing before acting.
# NOTE(review): the rule inspects cleartext SMTP only; sessions that switch to TLS
#   are presumably not visible to it. Confirm against the sensor's placement.
alert smtp $EXTERNAL_NET any -> $SMTP_SERVERS any (msg:"ET INFO SUSPICIOUS SMTP EXE - ZIP file with .scr filename inside"; flow:established; content:"|0D 0A 0D 0A|UEsDB"; pcre:"/^[A-Za-z0-9\/\+\x0D\x0A]+?(LnNjc?|Euc2Ny|S5zY3)/R"; classtype:bad-unknown; sid:2017889; rev:2; metadata:created_at 2013_12_19, updated_at 2013_12_19;)

Added 2018-09-13 19:48:13 UTC


Added 2018-09-13 17:58:18 UTC


# sid:2017889 in the form that uses the "smtp" app-layer header and carries
# created_at/updated_at metadata.
# Change tracking: the header here differs from the 2013 "alert tcp ... [25,587]"
#   copy on this page, yet rev is still 2 and updated_at still reads 2013_12_19.
#   Neither field therefore identifies which variant a sensor is running; compare
#   the full rule text when auditing deployed rulesets.
# Detection logic is carried by two options: the content match on CRLF CRLF +
#   "UEsDB" (start of a base64-encoded ZIP) and the /R pcre that searches the
#   following base64 text for encoded ".scr".
# NOTE(review): the pcre alternatives contain no CR/LF, so an encoded ".scr" that
#   is split across a base64 line wrap would not match at that position.
alert smtp $EXTERNAL_NET any -> $SMTP_SERVERS any (msg:"ET INFO SUSPICIOUS SMTP EXE - ZIP file with .scr filename inside"; flow:established; content:"|0D 0A 0D 0A|UEsDB"; pcre:"/^[A-Za-z0-9\/\+\x0D\x0A]+?(LnNjc?|Euc2Ny|S5zY3)/R"; classtype:bad-unknown; sid:2017889; rev:2; metadata:created_at 2013_12_19, updated_at 2013_12_19;)

Added 2017-08-07 21:11:53 UTC


# sid:2017889 as first published: a plain "tcp" header bound to destination ports
# 25 and 587, with no metadata keywords.
# Scope: only traffic to $SMTP_SERVERS on those two ports is inspected, so SMTP
#   listeners on other ports are outside this variant's coverage. The later copies
#   on this page use the "smtp" app-layer header with "any" port instead.
# Detection: CRLF CRLF + "UEsDB" (base64 of the ZIP signature "PK\x03\x04"), then
#   a relative pcre for base64-encoded ".scr" later in the same base64 text.
# NOTE(review): with a tcp header the content/pcre run on the raw stream, so any
#   traffic to these ports that contains the byte pattern can alert, whether or
#   not it is a mail attachment. Treat hits as leads and verify by decoding.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS [25,587] (msg:"ET INFO SUSPICIOUS SMTP EXE - ZIP file with .scr filename inside"; flow:established; content:"|0D 0A 0D 0A|UEsDB"; pcre:"/^[A-Za-z0-9\/\+\x0D\x0A]+?(LnNjc?|Euc2Ny|S5zY3)/R"; classtype:bad-unknown; sid:2017889; rev:2;)

Added 2013-12-19 18:11:48 UTC


Topic revision: r1 - 2019-10-09 - TWikiGuest
 