Rule Document 1:65448

Report a false positive

Rule Category

MALWARE-TOOLS --

Alert Message

MALWARE-TOOLS Zimbra Collaboration Suite data stealer outbound connection attempt

Rule Explanation

This rule looks for malicious outbound connection attempts from the local network to an external network which may contain stolen sensitive information from Zimbra webmail users.

What To Look For

This rule will alert when a malicious outbound connection has been detected in the network. This may be related to some data stealer software affecting a vulnerable Zimbra webmail server

Known Usage

Attacks/Scans seen in the wild

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

MITRE::ATT&CK Framework::Enterprise::Command and Control::Application Layer Protocol

Vulnerability::Severity::Medium

Vulnerability::Severity::Critical

Vulnerability::Severity::High

CVE

CVE-2025-27915

Additional Links

wiki.zimbra.com/wiki/Security_Center

Rule Vulnerability

N/A

Not Applicable

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2025-27915
 Loading description