Versions (3)
Version Details: Current
Rev: 2 • Mar 9, 2012, 12:00 PM
ET MALWARE SMTP Subject Line Contains C Path and EXE Possible Trojan Reporting Execution Path/Binary Name
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET MALWARE SMTP Subject Line Contains C Path and EXE Possible Trojan Reporting Execution Path/Binary Name"; flow:established,to_server; content:"Subject|3A 20|"; content:"C|3A 5C|"; nocase; fast_pattern; within:100; content:".exe"; within:40; pcre:"/Subject\x3A\x20[^\r\n]*C\x3A\x5C[^\r\n]*\x2Eexe/i"; reference:md5,24e937b9f3fd6a04dde46a2bc75d4b18; classtype:bad-unknown; sid:2014343; rev:2; metadata:created_at 2012_03_09, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Mar 9, 2012, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules