Rule History

alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET MALWARE Banker.Delf Infection variant 3 - Sending Initial Email to Owner"; flow:established,to_server; content:"X-Library|3a| Indy 9"; nocase; content:"Subject|3a| INFECT - "; nocase; content:"Data|3a| "; nocase; content:"Windows|3a| Microsoft Windows "; nocase; reference:url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html; classtype:trojan-activity; sid:2002980; rev:4; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2019_07_26;)