"ET TROJAN Suspicious Email Attachment Possibly Related to Mydoom.L@mm"
SID: 2012932
Revision: 7
Class Type: trojan-activity
Metadata: created_at 2011_06_06, updated_at 2014_09_12
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: 25
Flow: to_server,established
Contents:
-
Value: "Subject|3a 20|"
-
Value: "mail"
-
Value: "name|3d 22|"
Within: 34
PCRE: "/name\x3d\x22(message|letter|.*lebanon\x2donline\x2ecom\x2elb)?\x2ezip\x22\x0d\x0a/"
Special Options:
-
nocase
-
nocase