""ET TROJAN Infostealer.Bancos Sending Stolen info SMTP""

SID: 2019938

Revision: 1

Class Type: trojan-activity

Metadata: created_at 2014_12_15, malware_family Bancos, tag Banking_Trojan, updated_at 2014_12_15

Reference:

  • md5

  • f71c41b816eadf221e188f6618798969

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: [25,587]

Flow: to_server,established

Contents:

  • Value: "X-Library|3a| Indy"

  • Value: "BIGFONE TOCOU"

  • Value: "Nome Comp"

Within:

PCRE:

Special Options:

source