ET SMTP Incoming SMTP Message with Possibly Malicious MIME Epilogue 2016-05-13 (BadEpilogue)
Sourceet/open
Fileemerging-smtp.rules
CreatedSeptember 22, 2016
UpdatedMarch 7, 2024
Classificationbad-unknown
alert tcp any any -> $SMTP_SERVERS [25,587] (msg:"ET SMTP Incoming SMTP Message with Possibly Malicious MIME Epilogue 2016-05-13 (BadEpilogue)"; flow:established,to_server ; content:"|0d 0a|Content-Type|3a 20|multipart|2f|mixed|3b|"; fast_pattern; content:"|0d 0a 2d 2d|"; distance:0; pcre:"/^(?P<boundary>[\x20\x27-\x29\x2b-\x2f0-9\x3a\x3d\x3fA-Z\x5fa-z]{0,69}?[^\x2d])--(?:\x0d\x0a(?!--|\x2e|RSET)[^\r\n]*?)*\x0d\x0a--(?P=boundary)\x0d\x0a/R" ; reference:url,www.certego.local/en/news/badepilogue-the-perfect-evasion/ ; classtype:bad-unknown; sid:2023255; rev:3; metadata:attack_target SMTP_Server, created_at 2016_09_22, deployment Datacenter, performance_impact Low, signature_severity Major, updated_at 2024_03_07;)
Metadata
attack targetSMTP_Server
created at2016_09_22
deploymentDatacenter
performance impactLow
signature severityMajor
updated at2024_03_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!