Snort mailing list archives
Re: Multiple signatures 008
From: Marcos Rodriguez <mrodriguez () sourcefire com>
Date: Mon, 6 Aug 2018 09:17:09 -0400
On Mon, Aug 6, 2018 at 1:50 AM, Y M via Snort-sigs < snort-sigs () lists snort org> wrote:
Adding some updates to this post.. The following Android packages have been identified thus far to exhibit the network patterns in sid 8000226, as seen on the wire: com.divum.MoneyControl (version: 5.0.2) com.zeptolab.cats.google (version: 2.11.1) free.vpn.unblock.proxy.turbovpn (version: 2.4.4) The signature sid 8000230 above maybe ignored since the research author released rules. https://blog.nviso.be/2018/08/02/powershell-inside-a-certificate-part-3/ Thanks. YM
Hiya Yaser, Thanks for this update, we'll get this updated accordingly. Have a great day! -- Marcos Rodriguez Cisco Talos
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Current thread:
- Multiple signatures 008 Y M via Snort-sigs (Aug 01)
- Re: Multiple signatures 008 Marcos Rodriguez (Aug 01)
- Re: Multiple signatures 008 Y M via Snort-sigs (Aug 05)
- Re: Multiple signatures 008 Marcos Rodriguez (Aug 06)
- Re: Multiple signatures 008 Y M via Snort-sigs (Aug 05)
- Re: Multiple signatures 008 Marcos Rodriguez (Aug 01)