""ET TROJAN Egspy Infection Report Email""

SID: 2008039

Revision: 3

Class Type: trojan-activity

Metadata: created_at 2010_07_30, updated_at 2010_10_02

Reference:

• Link

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: 25

Flow: established,to_server

Contents:

• Value: "FROM\: EgySpy Victim"

• Value: "TO|3a| EgySpy User"

• Value: "SUBJECT|3a| E g y S p y KeyLogger"

Within:

PCRE:

Special Options:

source