[Emerging-Sigs] New Agenttesla email exfil sig

Jack Mott jmott at emergingthreats.net
Mon Nov 18 11:28:53 HST 2019


Thanks James!

We have something for this going out today but I’ll mod to OPEN.

Best,

Jack

On Mon, Nov 18, 2019 at 14:27 James Lay <jlay at slave-tothe-box.net> wrote:

> Cause these clowns keep modding this junk:
>
> alert tcp any any -> any 25,465,587  (msg:"TROJAN: New AgentTesla Email Exfil"; flow:established,to_server; content:"Subject:"; content:"|2f|"; within:50; content:"|3c|br|3e|User Name:"; content:"|3c|br|3e|OSFullName:"; classtype:trojan-activity; sid:20166308; rev:1; metadata:created_at 2019_11_16;)
>
> James
>
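
To see what the rule's content chain requires of a message, here is an added example (not from the original post or from Emerging Threats) that evaluates the same four contents in Python against constructed payloads. It assumes one reassembled buffer and ignores the rule's protocol, port and flow conditions; `decode_content`, `rule_matches` and the sample messages are hypothetical names and data.

```python
# Content chain copied from the rule in the post: (content, within) pairs.
# within=None means the content has no relative modifier, so it is searched
# across the whole payload regardless of where earlier contents matched.
RULE_CONTENTS = [
    ("Subject:", None),
    ("|2f|", 50),
    ("|3c|br|3e|User Name:", None),
    ("|3c|br|3e|OSFullName:", None),
]

def decode_content(pattern: str) -> bytes:
    """Decode rule content syntax: text between pipes is hex, the rest literal."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

def rule_matches(payload: bytes, contents=RULE_CONTENTS) -> bool:
    """True if every content matches; assumes one reassembled buffer."""
    needles = [(decode_content(p), w) for p, w in contents]

    def walk(idx: int, prev_end: int) -> bool:
        if idx == len(needles):
            return True
        needle, within = needles[idx]
        # A `within` content must fit inside that many bytes after the previous match.
        lo, hi = (0, len(payload)) if within is None else (prev_end, prev_end + within)
        pos = payload.find(needle, lo, hi)
        while pos != -1:  # try later occurrences if the rest of the chain fails
            if walk(idx + 1, pos + len(needle)):
                return True
            pos = payload.find(needle, pos + 1, hi)
        return False

    return walk(0, 0)

# Constructed sample payloads (not captured traffic).
HEADERS = b"From: a@example.test\r\nTo: b@example.test\r\n"
BODY = b"\r\n<br>User Name: user1<br>OSFullName: Example OS<br>\r\n"
SAMPLES = {
    "slash_near_subject": HEADERS + b"Subject: user1/HOST-01\r\n" + BODY,
    "slash_too_far": HEADERS + b"Subject: report\r\nX-Pad: " + b"a" * 60
                     + b"\r\nX-Ref: a/b\r\n" + BODY,
    "no_body_fields": HEADERS + b"Subject: notes 11/18\r\n\r\nSee attached.\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name}: {'alert' if rule_matches(payload) else 'no alert'}")
```

Only the `/` match is tied to `Subject:` by `within:50`; the two `<br>` contents carry no relative modifier, so they match anywhere in the buffer and in any order.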