ET HUNTING Suspicious X-mailer Synapse Inbound to SMTP Server

SID: 2021135Rev: 20 views
History
Sourceet/open
CreatedMay 21, 2015
UpdatedOctober 8, 2019
Classificationtrojan-activity
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS [25,587] (msg:"ET HUNTING Suspicious X-mailer Synapse Inbound to SMTP Server"; flow:established,to_server; content:"produced by Synapse"; fast_pattern; content:"X|2d|mailer|3a 20|Synapse|20 2d 20|Pascal TCP|2f|IP library by Lukas Gebauer"; reference:url,www.joewein.net/spam/spam-joejob.htm; classtype:trojan-activity; sid:2021135; rev:2; metadata:created_at 2015_05_21, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)

References

urlwww.joewein.net/spam/spam-joejob.htm

Metadata

created at2015_05_21
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_10_08

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!