""ET INFO SUSPICIOUS SMTP EXE - EXE SMTP Attachment""
SID: 2017886
Revision: 2
Class Type: bad-unknown
Metadata: created_at 2013_12_20, updated_at 2019_03_27
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $SMTP_SERVERS
Destination Port: [25,587]
Flow: established
Contents:
-
Value: "|0D 0A 0D 0A|TV"
-
Value: "AAAAAAAAAAAAAAAA"
Within: 200
PCRE:
Special Options: