Showing posts with label Sourcefire. Show all posts
Showing posts with label Sourcefire. Show all posts
Monday, December 26, 2016

1:41083 BLACKLIST suspicious .bit dns query

I previously wrote about documentation-less snort rules . Below is my attempt to fill in some of those gaps. Whomever created this dns que...

1:41088 MALWARE-CNC Win.Trojan.MrWhite Win.Trojan.Ostap out bound communication attempt

I previously wrote about documentation-less snort rules . Below is my attempt to fill in some of those gaps. Whomever created these trojan...
1 comment:

1:41034 MALWARE-CNC Win.Trojan.Sality variant outbound connection

I previously wrote about documentation-less snort rules . Below is my attempt to fill in some of those gaps. Whomever created these trojan...

1:41033 MALWARE-CNC Win.Trojan.Proteus outbound connection

I previously wrote about documentation-less snort rules . Below is my attempt to fill in some of those gaps. Whomever created these trojan...

1:41031 MALWARE-CNC Win.Trojan.Athena variant outbound connection

I previously wrote about documentation-less snort rules . Below is my attempt to fill in some of those gaps. Whomever created these trojan...
Wednesday, December 14, 2016

Documentation-less Snort Rules

Has anybody else noticed that what seems like the majority of new snort rules that come out and you can use in an IDS (intrusion detection s...
Friday, August 19, 2016

TRUFFLEHUNTER Snort Rules

What are they? These links give some background seclist and stack exchange . That rule is a "truffle," which means it detect...