""ET TROJAN Win32/MultiPasswordRecovery.A cs-crash PWS""
SID: 2014793
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2012_05_19, updated_at 2012_05_19
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: 25
Flow: to_server,established
Contents:
-
Value: "X-Mailer|3a| Blat "
-
Value: "Subject|3A 20|Contents of file|3A 20|stdin.txt"
-
Value: "name|3D|"
-
Value: ".mpf"
Within: 24
PCRE:
Special Options: