#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS [25,587] (msg:"ET CURRENT_EVENTS .gadget Email Attachment - Possible Upatre"; flow:established,to_server; content:"Content-Type|3a| application/zip|3b|"; nocase; content:".gadget|22|"; distance:7; within:30; nocase; pcre:"/name=\x22[a-z0-9\-_\.\s]{0,25}\.gadget\x22/i"; reference:url,pastebin.com/5eNDazpL; classtype:trojan-activity; sid:2018490; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2014_05_20, former_category CURRENT_EVENTS, malware_family Upatre, signature_severity Critical, tag Exploit_Kit, tag Downloader, tag Upatre, updated_at 2016_07_01;)

Added 2020-11-20 19:36:45 UTC


#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS [25,587] (msg:"ET CURRENT_EVENTS .gadget Email Attachment - Possible Upatre"; flow:established,to_server; content:"Content-Type|3a| application/zip|3b|"; nocase; content:".gadget|22|"; distance:7; within:30; nocase; pcre:"/name=\x22[a-z0-9\-_\.\s]{0,25}\.gadget\x22/i"; reference:url,pastebin.com/5eNDazpL; classtype:trojan-activity; sid:2018490; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2014_05_20, malware_family Upatre, signature_severity Critical, tag Exploit_Kit, tag Downloader, tag Upatre, updated_at 2016_07_01;)

Added 2020-08-05 19:09:50 UTC


#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS [25,587] (msg:"ET CURRENT_EVENTS .gadget Email Attachment - Possible Upatre"; flow:established,to_server; content:"Content-Type|3a| application/zip|3b|"; nocase; content:".gadget|22|"; distance:7; within:30; nocase; pcre:"/name=\x22[a-z0-9\-_\.\s]{0,25}\.gadget\x22/i"; reference:url,pastebin.com/5eNDazpL; classtype:trojan-activity; sid:2018490; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, tag Exploit_Kit, tag Downloader, tag Upatre, signature_severity Critical, created_at 2014_05_20, malware_family Upatre, updated_at 2016_07_01;)

Added 2017-08-07 21:12:34 UTC


#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS [25,587] (msg:"ET CURRENT_EVENTS .gadget Email Attachment - Possible Upatre"; flow:established,to_server; content:"Content-Type|3a| application/zip|3b|"; nocase; content:".gadget|22|"; distance:7; within:30; nocase; pcre:"/name=\x22[a-z0-9\-_\.\s]{0,25}\.gadget\x22/i"; reference:url,pastebin.com/5eNDazpL; classtype:trojan-activity; sid:2018490; rev:2;)

Added 2017-04-19 17:17:23 UTC


alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS [25,587] (msg:"ET CURRENT_EVENTS .gadget Email Attachment - Possible Upatre"; flow:established,to_server; content:"Content-Type|3a| application/zip|3b|"; nocase; content:".gadget|22|"; distance:7; within:30; nocase; pcre:"/name=\x22[a-z0-9\-_\.\s]{0,25}\.gadget\x22/i"; reference:url,pastebin.com/5eNDazpL; classtype:trojan-activity; sid:2018490; rev:2;)

Added 2014-05-20 19:10:40 UTC



This topic: Main > 2018490
Topic revision: r1 - 2020-11-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats