ET MALWARE Asprox Fake Ximian Evolution X-Mailer Header (XimianEvolution1.4.6)

SID: 2018336Rev: 60 viewsHistory

Sourceet/open

CreatedMarch 31, 2014

UpdatedMarch 17, 2022

Classificationtrojan-activity

alert tcp $HOME_NET any -> $EXTERNAL_NET [25,587] (msg:"ET MALWARE Asprox Fake Ximian Evolution X-Mailer Header (XimianEvolution1.4.6)"; flow:established,to_server; content:"X-Mailer|3a| XimianEvolution1.4.6"; fast_pattern; content:"|0d 0a|Content-Disposition|3a| attachment|3b|"; content:!"|0d 0a|Subject|3a| Undeliverable|3a|"; content:!"X-Barracuda-"; reference:url,techhelplist.com/index.php/tech-tutorials/41-misc/438-asprox-botnet-trojan-run-malware-spamming-1; reference:url,stopmalvertising.com/tag/asprox.html; classtype:trojan-activity; sid:2018336; rev:6; metadata:created_at 2014_03_31, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_03_17;)

References

url	techhelplist.com/index.php/tech-tutorials/41-misc/438-asprox-botnet-trojan-run-malware-spamming-1
url	stopmalvertising.com/tag/asprox.html

Metadata

created at2014_03_31

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2022_03_17

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!