Snort mailing list archives
Re: [Emerging-Sigs] Mandiant APT1 Report
From: Christopher Granger <chrisgrangerx () gmail com>
Date: Wed, 20 Feb 2013 19:19:51 -0500
There's also a lot of overlap between Appendix D and:

- http://pastebin.com/yKSQd5Z5
- http://www.secureworks.com/research/threats/htran/

VRT released nearly 800 rules to cover DNS lookups of these domains back in May, 2012 (SIDs 1:22116 - 1:22914)

Best,
-Chris

On Tue, Feb 19, 2013 at 4:23 PM, Joel Esler <jesler () sourcefire com> wrote:

We have some rules coming out in today's package for this, more coming.

--
Joel Esler
Senior Research Engineer, VRT
Open Source Community Manager

On Tuesday, February 19, 2013 at 11:59 AM, James Lay wrote:

Enlightening...the FQDN and Certs Appendices are interesting as well:

http://intelreport.mandiant.com/

James

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () lists emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for all versions of Suricata and Snort 2.4.0 through Current!

Current thread:
- Mandiant APT1 Report James Lay (Feb 19)
- Re: Mandiant APT1 Report Joel Esler (Feb 19)
- Re: [Emerging-Sigs] Mandiant APT1 Report Christopher Granger (Feb 20)