Rule History

alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Phoenix Keylogger SMTP Exfil - Clipboard"; flow:established,to_server; content:"Subject|3a 20|PX|20 7c 20|Clipboard|20 7c 20|Client Name|3a 20|"; fast_pattern; reference:md5,1e3ea34762c6301233da7cb8c5e9c45f; reference:url,twitter.com/P3pperP0tts/status/1166325490858303491; classtype:trojan-activity; sid:2028646; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2019_10_02, deployment Perimeter, malware_family AgentTesla, performance_impact Low, confidence High, signature_severity Major, updated_at 2019_10_02;)