Snort mailing list archives
Re: Help Writing a snort signature
From: Lawrence Belyeu <lbelyeu71 () gmail com>
Date: Tue, 16 Aug 2016 23:35:29 -0500
I may have to send you what I have written so far, even though I'm not sure that will work.

On Aug 16, 2016 11:06 PM, "Y M" <snort () outlook com> wrote:

Do you have a specific file hash or pcap? This would greatly help.

Judging from Google searches, one sample might be of interest (a2dc261893d9ccb4be571b0ef6b52a40) and is probably for the downloader and not the backdoor itself. In this case you can use the URIs to write signatures against. Though URIs alone may not provide accurate detection, or you may end up writing a signature for each URI variant/pattern. It would be nice to have additional information to use.

YM

------------------------------
*From:* Lawrence Belyeu <lbelyeu71 () gmail com>
*Sent:* Wednesday, August 17, 2016 6:28:00 AM
*To:* snort-sigs () lists sourceforge net
*Subject:* [Snort-sigs] Help Writing a snort signature

Folks,

I'm having a hard time writing a signature I need for my job. It's in relation to the Symantec Security Response signature for Trojan.Zekapab and Backdoor.Zekapab. Can someone please point me to where I can get help in writing this? I have the sheet to help decipher what to input for signatures.

Please help, thanks.

Lawrence