Versions (5)
Version Details (Current)
Rev: 2 • May 21, 2015, 12:00 PM
ET HUNTING Suspicious X-mailer Synapse Inbound to SMTP Server
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS [25,587] (msg:"ET HUNTING Suspicious X-mailer Synapse Inbound to SMTP Server"; flow:established,to_server; content:"produced by Synapse"; fast_pattern; content:"X|2d|mailer|3a 20|Synapse|20 2d 20|Pascal TCP|2f|IP library by Lukas Gebauer"; reference:url,www.joewein.net/spam/spam-joejob.htm; classtype:trojan-activity; sid:2021135; rev:2; metadata:created_at 2015_05_21, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
May 21, 2015, 12:00 PM
Oct 8, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Nov 3, 2025, 10:34 PM
rules/emerging-hunting.rules