Rule History

alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE a310Logger Stealer Exfil (SMTP)"; flow:established,to_server; content:"Subject|3a 20|Passwords:::"; fast_pattern; content:"CompName|3a 20|"; content:"Windows|20|Version|3a 20|"; content:"Url"; content:"============================="; reference:md5,3ad8fcbd4c1f1d525207679eb23f3e3c; reference:url,twitter.com/James_inthe_box/status/1407463890078691331; reference:url,app.any.run/tasks/f403243a-ee3c-4797-ba30-616c766d6005/; classtype:trojan-activity; sid:2033167; rev:2; metadata:attack_target Client_Endpoint, created_at 2021_06_23, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_08_24;)