Snort mailing list archives
Re: [Emerging-Sigs] FastPOS sig
From: Jason Williams <jwilliams () emergingthreats net>
Date: Fri, 3 Jun 2016 17:06:07 -0500
Thanks for the share James! We'll get a variant of this into QA shortly.

Thanks,
Jason

On Fri, Jun 3, 2016 at 4:48 PM, James Lay <jlay () slave-tothe-box net> wrote:
Quick and dirty, sanity checked only:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-OTHER FastPOS traffic detected"; flow:established,to_server; content:"cdosys|2e|php|3f|comdlg64|3d|"; fast_pattern:only; reference:url, blog.trendmicro.com/trendlabs-security-intelligence/fastpos-quick-and-easy-credit-card-theft/; classtype:trojan-activity; sid:10000131; rev:1;)

VT: https://www.virustotal.com/en/file/dd1be99f612a0f72a453bc69758f4bc4f9552e27bf49baef71b43185164892b5/analysis/

James

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () lists emergingthreats net
https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
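As an added example (not part of either message above and not Emerging Threats or Snort code), here is a small Python script that decodes the rule's content: string from Snort's |hex| notation and runs it over a few constructed HTTP requests. It shows what the signature actually keys on: the contiguous byte string "cdosys.php?comdlg64=" appearing anywhere in the client-to-server payload (the rule has no http_uri modifier and no nocase, so the match is raw and case-sensitive). The sample requests and host names are constructed, not captures.

```python
# Constructed example: decode a Snort content: value and match it against
# sample client->server HTTP requests. Not part of the rule or the mailing list.

# Content string copied from the rule above (Snort |hex| escape syntax).
RULE_CONTENT = "cdosys|2e|php|3f|comdlg64|3d|"


def decode_snort_content(content: str) -> bytes:
    """Turn a Snort content: value into raw bytes.

    Text outside |...| is literal; inside the pipes are whitespace-separated
    hex bytes, e.g. "a|2e|b" -> b"a.b". An unbalanced '|' is an error.
    """
    parts = content.split("|")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced '|' in content string")
    out = bytearray()
    for i, part in enumerate(parts):
        if i % 2 == 0:
            out += part.encode("latin-1")   # literal text
        else:
            for h in part.split():          # hex bytes between pipes
                out.append(int(h, 16))
    return bytes(out)


def matches_fastpos_rule(request: bytes) -> bool:
    """True if the decoded content string occurs anywhere in the payload.

    Mirrors the rule: no http_uri (whole payload), no nocase (case-sensitive).
    """
    return decode_snort_content(RULE_CONTENT) in request


# Constructed sample requests (example.invalid is a reserved name, not a real host).
SAMPLE_REQUESTS = [
    b"GET /cdosys.php?comdlg64=AAAA HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
    b"GET /index.php?id=1 HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
    # Same path and parameter name, but sent as a POST body: the literal
    # "cdosys.php?comdlg64=" string is never contiguous, so the rule is silent.
    b"POST /cdosys.php HTTP/1.1\r\nHost: example.invalid\r\n"
    b"Content-Length: 13\r\n\r\ncomdlg64=AAAA",
]


def scan(requests):
    """Return one True/False verdict per request, in order."""
    return [matches_fastpos_rule(r) for r in requests]


if __name__ == "__main__":
    for req, hit in zip(SAMPLE_REQUESTS, scan(SAMPLE_REQUESTS)):
        first_line = req.split(b"\r\n", 1)[0].decode()
        print("ALERT " if hit else "clean ", first_line)
```

The third sample is the coverage caveat to keep in mind when reviewing a "quick and dirty" rule like this: it fires only when the path and the query parameter travel together as one literal string in a GET, which is what the Trend Micro write-up describes; it says nothing about other request shapes.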