ET SMTP Incoming SMTP Message with Possibly Malicious MIME Epilogue 2016-05-13 (BadEpilogue)

SID: 2023255Rev: 20 views
Sourceet/open
CreatedSeptember 22, 2016
UpdatedMarch 17, 2022
Classificationbad-unknown
alert tcp any any -> $SMTP_SERVERS [25,587] (msg:"ET SMTP Incoming SMTP Message with Possibly Malicious MIME Epilogue 2016-05-13 (BadEpilogue)"; flow:to_server,established; content:"|0d 0a|Content-Type|3a 20|multipart|2f|mixed|3b|"; fast_pattern; content:"|0d 0a 2d 2d|"; distance:0; pcre:"/^(?P<boundary>[\x20\x27-\x29\x2b-\x2f0-9\x3a\x3d\x3fA-Z\x5fa-z]{0,69}?[^\x2d])--(?:\x0d\x0a(?!--|\x2e|RSET)[^\r\n]*?)*\x0d\x0a--(?P=boundary)\x0d\x0a/R"; reference:url,www.certego.local/en/news/badepilogue-the-perfect-evasion/; classtype:bad-unknown; sid:2023255; rev:2; metadata:attack_target SMTP_Server, created_at 2016_09_22, deployment Datacenter, performance_impact Low, signature_severity Major, updated_at 2022_03_17;)

References

urlwww.certego.local/en/news/badepilogue-the-perfect-evasion/

Metadata

attack targetSMTP_Server
created at2016_09_22
deploymentDatacenter
performance impactLow
signature severityMajor
updated at2022_03_17

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!