ET MALWARE Kriptovor SMTP Traffic
Source: et/open
Created: April 9, 2015
Updated: July 26, 2019
Classification: trojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET [25,465,587] (msg:"ET MALWARE Kriptovor SMTP Traffic"; flow:established,to_server; content:"|0d 0a|PC|3a 20|"; content:"|0d 0a|Text|3a 20|"; distance:0; content:"|0d 0a|IP|3a 20|"; distance:0; content:"|0d 0a|TS|3a 20|"; distance:0; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,c3ab87f85ca07a7d026d3cbd54029bbe; classtype:trojan-activity; sid:2020884; rev:1; metadata:created_at 2015_04_09, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
References
| url | fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html |
| md5 | c3ab87f85ca07a7d026d3cbd54029bbe |
Metadata
created at: 2015_04_09
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2019_07_26