Rule History

SID: 2046274 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 1 • Jun 15, 2023, 12:00 PM

Message:

ET MALWARE [Mandiant] UNC4841 SEASPY Backdoor Activity M2

Rule:

alert tcp-pkt any any -> $SMTP_SERVERS [25,587] (msg:"ET MALWARE [Mandiant] UNC4841 SEASPY Backdoor Activity M2"; flow:stateless,to_server; flags:S; dsize:>9; content:"TfuZ"; startswith; threshold:type limit,track by_src,count 1,seconds 3600; reference:url,www.mandiant.com/resources/blog/barracuda-esg-exploited-globally; classtype:command-and-control; sid:2046274; rev:1; metadata:affected_product Barracuda_ESG, attack_target SMTP_Server, created_at 2023_06_15, deployment Perimeter, deployment Internal, malware_family SEASPY, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_06_21, reviewed_at 2023_08_21; target:dest_ip;)

Created:

Jun 15, 2023, 12:00 PM

Updated:

Jun 21, 2023, 12:00 PM

DB Created:

Jun 15, 2023, 10:00 PM

DB Updated:

May 31, 2024, 9:00 PM

Filename:

rules/emerging-malware.rules