Rule History

alert tcp $HOME_NET any -> $EXTERNAL_NET 37 (msg:"ET MALWARE MultiThreat/Winspy.RAT SMTP Data Exfiltration"; flow:established,to_server; content:"X-Mailer|3A| SysMon v1.0.0"; reference:url,www.fireeye.com/blog/technical/2014/03/from-windows-to-droids-an-insight-in-to-multi-vector-attack-mechanisms-in-rats.html; classtype:trojan-activity; sid:2018293; rev:1; metadata:created_at 2014_03_18, signature_severity Major, updated_at 2019_07_26;)