# Disabled revision: the leading '#' comments the rule out, so an engine that
# loads this line as written does not evaluate it. Compared with the revision
# listed below it, only the '#' and "former_category MALWARE" in metadata differ.
# Purpose: alert on client-to-server data in an established TCP session from
# $HOME_NET to $EXTERNAL_NET on ports 25, 26, 587 or 2525 that contains both the
# mail subject "Subject: Pain File Stealer" and a MIME header announcing an
# application/octet-stream attachment named wallet.dat.
# fast_pattern:9,17 limits the prefilter pattern to the 17 bytes starting at
# offset 9 of the first content, i.e. "Pain File Stealer".
# Coverage caveats: both contents are case-sensitive and byte-exact (no nocase),
# including the single space after "Subject:" and after "octet-stream;". No
# distance/within links them, so each may match anywhere in the inspected data.
# The match is on cleartext payload, so mail submitted inside STARTTLS/TLS is
# not visible to this rule, and port 465 is not in the port list.
# Triage: a hit means an internal host mailed out a file named wallet.dat under
# this stealer's subject line; treat the host as compromised and the wallet
# file as exposed.
#alert tcp $HOME_NET any -> $EXTERNAL_NET [25,26,587,2525] (msg:"ET TROJAN Pain File Stealer sending wallet.dat via SMTP"; flow:to_server,established; content:"Subject|3a| Pain File Stealer"; fast_pattern:9,17; content:"Content|2d|Type|3a 20|application|2f|octet|2d|stream|3b 20|name|3d|wallet.dat"; reference:url,www.cyphort.com/blog/nighthunter-massive-campaign-steal-credentials-revealed; classtype:trojan-activity; sid:2018738; rev:1; metadata:created_at 2014_07_18, former_category MALWARE, updated_at 2014_07_18;)

Added 2020-11-20 19:36:46 UTC


# Enabled revision (no leading '#'). Detection logic is the same as in the
# earlier listings on this page; this one carries created_at/updated_at metadata.
# Fires on outbound mail traffic (ports 25, 26, 587, 2525, client to server,
# established flow) containing "Subject: Pain File Stealer" plus a MIME header
# for an octet-stream attachment named wallet.dat.
# Both contents are case-sensitive and unanchored relative to each other; a
# variant that changes the subject text, header casing or spacing would not
# match, and TLS-protected submission is not inspectable by this rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET [25,26,587,2525] (msg:"ET TROJAN Pain File Stealer sending wallet.dat via SMTP"; flow:to_server,established; content:"Subject|3a| Pain File Stealer"; fast_pattern:9,17; content:"Content|2d|Type|3a 20|application|2f|octet|2d|stream|3b 20|name|3d|wallet.dat"; reference:url,www.cyphort.com/blog/nighthunter-massive-campaign-steal-credentials-revealed; classtype:trojan-activity; sid:2018738; rev:1; metadata:created_at 2014_07_18, updated_at 2014_07_18;)

Added 2018-09-13 19:48:59 UTC


Added 2018-09-13 17:58:47 UTC


# First listing on this page that carries a metadata keyword (created_at and
# updated_at, both 2014_07_18); sid and rev are unchanged (2018738, rev 1).
# Matches the stealer's fixed subject line and the wallet.dat attachment header
# in cleartext client-to-server traffic on the listed mail ports.
# fast_pattern:9,17 selects "Pain File Stealer" (offset 9, length 17 within the
# first content) as the prefilter pattern.
alert tcp $HOME_NET any -> $EXTERNAL_NET [25,26,587,2525] (msg:"ET TROJAN Pain File Stealer sending wallet.dat via SMTP"; flow:to_server,established; content:"Subject|3a| Pain File Stealer"; fast_pattern:9,17; content:"Content|2d|Type|3a 20|application|2f|octet|2d|stream|3b 20|name|3d|wallet.dat"; reference:url,www.cyphort.com/blog/nighthunter-massive-campaign-steal-credentials-revealed; classtype:trojan-activity; sid:2018738; rev:1;metadata:created_at 2014_07_18, updated_at 2014_07_18;)

Added 2017-08-07 21:12:52 UTC


# Oldest listing on this page (2014): no metadata keyword yet.
# Header: TCP from $HOME_NET (any source port) to $EXTERNAL_NET on ports 25, 26,
# 587 or 2525; flow:to_server,established restricts inspection to data sent by
# the client on an established session.
# Payload: two independent, case-sensitive content matches. The hex escapes
# decode to "Subject: Pain File Stealer" and
# "Content-Type: application/octet-stream; name=wallet.dat".
# classtype:trojan-activity; the reference keyword points to the vendor write-up.
alert tcp $HOME_NET any -> $EXTERNAL_NET [25,26,587,2525] (msg:"ET TROJAN Pain File Stealer sending wallet.dat via SMTP"; flow:to_server,established; content:"Subject|3a| Pain File Stealer"; fast_pattern:9,17; content:"Content|2d|Type|3a 20|application|2f|octet|2d|stream|3b 20|name|3d|wallet.dat"; reference:url,www.cyphort.com/blog/nighthunter-massive-campaign-steal-credentials-revealed; classtype:trojan-activity; sid:2018738; rev:1;)

Added 2014-07-18 17:24:36 UTC


