Rev: 2 • Jun 15, 2023, 12:00 PM
ET MALWARE [Mandiant] UNC4841 SEASPY Backdoor Activity M3
alert tcp-pkt any any -> $SMTP_SERVERS [25,587] (msg:"ET MALWARE [Mandiant] UNC4841 SEASPY Backdoor Activity M3"; flow:stateless,to_server; flags:S; tcp.hdr; content:"|05 4e|"; offset:22; depth:2; threshold:type limit,track by_src,count 1,seconds 3600; reference:url,www.mandiant.com/resources/blog/barracuda-esg-exploited-globally; classtype:command-and-control; sid:2046275; rev:2; metadata:affected_product Barracuda_ESG, attack_target SMTP_Server, created_at 2023_06_15, deployment Perimeter, deployment Internal, deprecation_reason False_Positive, malware_family SEASPY, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2023_06_21; target:dest_ip;)
Jun 15, 2023, 12:00 PM
Jun 21, 2023, 12:00 PM
Jun 15, 2023, 10:00 PM
May 31, 2024, 9:00 PM
rules/emerging-malware.rules