ET MALWARE Win32.Agent.kawe SMTP Stealer

SID: 2036963Rev: 10 views
History
Sourceet/open
CreatedJune 10, 2022
UpdatedJune 10, 2022
Classificationtrojan-activity
alert smtp $HOME_NET any -> $EXTERNAL_NET [25,587,2525] (msg:"ET MALWARE Win32.Agent.kawe SMTP Stealer"; flow:established,to_server; content:"Content-Type|3a 20|multipart/mixed|3b 0d 0a 09|boundary=|22 2d 2d 2d 2d 3d|_NextPart_000_0000_"; content:"Content-Type|3a 20|text/plain|0d 0a|Content-Transfer-Encoding|3a 20|7bit"; content:"Content-Disposition|3a 20|attachment|3b 0d 0a 09|filename|3d 22|alkunpass|22|"; fast_pattern; reference:md5,cb94fede5345784c5ace43c01419aace; classtype:trojan-activity; sid:2036963; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_06_10, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_06_10;)

References

md5
cb94fede5345784c5ace43c01419aace
Google SearchBrave Search

Metadata

attack targetClient_Endpoint
created at2022_06_10
deploymentPerimeter
performance impactLow
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2022_06_10

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!