Versions (3)
Version Details (Current)
Rev: 1 • Apr 9, 2015, 12:00 PM
ET MALWARE Kriptovor SMTP Traffic
alert tcp $HOME_NET any -> $EXTERNAL_NET [25,465,587] (msg:"ET MALWARE Kriptovor SMTP Traffic"; flow:established,to_server; content:"|0d 0a|PC|3a 20|"; content:"|0d 0a|Text|3a 20|"; distance:0; content:"|0d 0a|IP|3a 20|"; distance:0; content:"|0d 0a|TS|3a 20|"; distance:0; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,c3ab87f85ca07a7d026d3cbd54029bbe; classtype:trojan-activity; sid:2020884; rev:1; metadata:created_at 2015_04_09, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Apr 9, 2015, 12:00 PM
Jul 26, 2019, 12:00 PM
Apr 9, 2015, 12:00 PM
Oct 20, 2025, 3:34 PM
rules/emerging-malware.rules