alert tcp-pkt any any -> $SMTP_SERVERS [25,587] (msg:"ET MALWARE [Mandiant] UNC4841 SEASPY Backdoor Activity M1"; flow:stateless,to_server; flags:S; dsize:>9; content:"oXmp"; startswith; threshold:type limit,track by_src,count 1,seconds 3600; reference:url,www.mandiant.com/resources/blog/barracuda-esg-exploited-globally; classtype:command-and-control; sid:2046273; rev:1; metadata:affected_product Barracuda_ESG, attack_target SMTP_Server, created_at 2023_06_15, deployment Perimeter, deployment Internal, malware_family SEASPY, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_06_21, reviewed_at 2023_08_21; target:dest_ip;)