# sid 2012445 rev 6: alerts on established, client-to-server TCP traffic from $EXTERNAL_NET to
# $SMTP_SERVERS port 25 when all four case-insensitive strings are present:
#   Post Express"  |  Content-Disposition: attachment;  |  filename="Post_Express_  |  .zip"
# None of the content options has depth/offset/distance/within, so the strings are not tied to each
# other or to one MIME part; any message that contains all four will alert, in any order.
# NOTE(review): this inspects cleartext bytes on port 25 only. Mail delivered over STARTTLS or on another
# port, or with encoded header/filename values, is presumably not covered - confirm against sensor placement.
# Compared with the rev 5 entries on this page, only the msg category differs (ET TROJAN vs ET CURRENT_EVENTS).
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET TROJAN Post Express Inbound bad attachment"; flow:established,to_server; content:"Post Express|22|"; nocase; content:"Content-Disposition|3a| attachment|3b|"; nocase; content:"filename=|22|Post_Express_"; nocase; content:".zip|22|"; nocase; classtype:trojan-activity; sid:2012445; rev:6;)

Added 2014-09-12 16:28:30 UTC


# sid 2012445 rev 5 (active, ET CURRENT_EVENTS category): inbound SMTP on port 25, established flow to server.
# Requires four case-insensitive strings anywhere in the inspected data: Post Express" ,
# Content-Disposition: attachment; , filename="Post_Express_ and .zip" (|22| = ", |3a| = :, |3b| = ;).
# The matches are unanchored and unordered, so the rule keys on the lure name plus a zipped attachment
# name rather than on the attachment contents.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET CURRENT_EVENTS Post Express Inbound bad attachment"; flow:established,to_server; content:"Post Express|22|"; nocase; content:"Content-Disposition|3a| attachment|3b|"; nocase; content:"filename=|22|Post_Express_"; nocase; content:".zip|22|"; nocase; classtype:trojan-activity; sid:2012445; rev:5;)

Added 2011-10-12 19:34:21 UTC


# sid 2012445 rev 5, re-enabled: the rule text matches the later rev 5 snapshot on this page byte for byte,
# and the snapshot recorded just before it is the commented-out "ET DELETED" copy carrying the same rev number.
# NOTE(review): rev was not incremented across the disable/re-enable, so sid+rev alone does not tell a
# ruleset diff whether this signature is active - compare the msg and the leading '#' as well.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET CURRENT_EVENTS Post Express Inbound bad attachment"; flow:established,to_server; content:"Post Express|22|"; nocase; content:"Content-Disposition|3a| attachment|3b|"; nocase; content:"filename=|22|Post_Express_"; nocase; content:".zip|22|"; nocase; classtype:trojan-activity; sid:2012445; rev:5;)

Added 2011-03-28 17:33:31 UTC


# sid 2012445 rev 5, disabled: the leading '#' comments the rule out and the msg category is "ET DELETED",
# so a sensor loading this snapshot gets no alert from this sid. The match options are the same as in
# the active rev 5 entries on this page; the page does not record why the rule was withdrawn.
#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET DELETED Post Express Inbound bad attachment"; flow:established,to_server; content:"Post Express|22|"; nocase; content:"Content-Disposition|3a| attachment|3b|"; nocase; content:"filename=|22|Post_Express_"; nocase; content:".zip|22|"; nocase; classtype:trojan-activity; sid:2012445; rev:5;)

Added 2011-03-21 15:28:39 UTC


# sid 2012445 rev 4: same four unanchored, case-insensitive content matches as the later revisions.
# The change from rev 3 is the space after the colon in the header match: it now looks for
# "Content-Disposition: attachment;" where rev 3 looked for "Content-Disposition:attachment;".
# NOTE(review): the match is still a literal byte string, so a header folded or spaced differently
# (tab, extra spaces, line continuation) would presumably not match - confirm against sample mail.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET CURRENT_EVENTS Post Express Inbound bad attachment"; flow:established,to_server; content:"Post Express|22|"; nocase; content:"Content-Disposition|3a| attachment|3b|"; nocase; content:"filename=|22|Post_Express_"; nocase; content:".zip|22|"; nocase; classtype:trojan-activity; sid:2012445; rev:4;)

Added 2011-03-12 13:00:45 UTC


# sid 2012445 rev 3: loosens rev 2 by dropping the exact From:/Subject: strings and matching only
# Post Express" plus an attachment named filename="Post_Express_....zip" (the _Label_ suffix is gone).
# NOTE(review): the header match here is "Content-Disposition:attachment;" with no space after the colon.
# Mail clients normally write a space there, so this revision probably fired rarely; rev 4 on this page
# adds the space.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET CURRENT_EVENTS Post Express Inbound bad attachment"; flow:established,to_server; content:"Post Express|22|"; nocase; content:"Content-Disposition|3a|attachment|3b|"; nocase; content:"filename=|22|Post_Express_"; nocase; content:".zip|22|"; nocase; classtype:trojan-activity; sid:2012445; rev:3;)

Added 2011-03-10 16:05:16 UTC


# sid 2012445 rev 2: the most specific form on this page. All five case-insensitive strings must be present:
#   From: "Your Post Express"  |  Subject: Post Express Office. Get the parcel
#   Content-Disposition:attachment;  |  filename="Post_Express_Label_  |  .zip"
# Pinning the exact sender display name and subject ties the rule to one wording of the lure;
# rev 3 on this page replaces both with the shorter Post Express" match.
# NOTE(review): the Content-Disposition match has no space after the colon - see rev 4 for the corrected form.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET CURRENT_EVENTS Post Express Inbound bad attachment"; flow:established,to_server; content:"From|3a| |22|Your Post Express|22|"; nocase; content:"Subject|3a| Post Express Office. Get the parcel"; nocase; content:"Content-Disposition|3a|attachment|3b|"; nocase; content:"filename=|22|Post_Express_Label_"; nocase; content:".zip|22|"; nocase; classtype:trojan-activity; sid:2012445; rev:2;)

Added 2011-03-09 10:48:08 UTC


# sid 2012445 rev 2, earliest snapshot on this page (no rev 1 is recorded here).
# Inbound SMTP to $SMTP_SERVERS port 25, established flow to server; alerts when the exact
# From: "Your Post Express" and Subject: "Post Express Office. Get the parcel" strings appear together with
# Content-Disposition:attachment; and an attachment name of the form filename="Post_Express_Label_....zip".
# The rule text is identical to the rev 2 snapshot recorded one day later.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET CURRENT_EVENTS Post Express Inbound bad attachment"; flow:established,to_server; content:"From|3a| |22|Your Post Express|22|"; nocase; content:"Subject|3a| Post Express Office. Get the parcel"; nocase; content:"Content-Disposition|3a|attachment|3b|"; nocase; content:"filename=|22|Post_Express_Label_"; nocase; content:".zip|22|"; nocase; classtype:trojan-activity; sid:2012445; rev:2;)

Added 2011-03-08 20:58:03 UTC

