Snort mailing list archives
Re: backdoored ssh-decorator package
From: Y M via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 10 May 2018 16:31:37 +0000
I wasn't aware there was an 'original one'! If you don't mind sharing a reference, that would be great. YM ________________________________ From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of wkitty42 () windstream net <wkitty42 () windstream net> Sent: Thursday, May 10, 2018 5:24 PM To: snort-sigs () lists snort org Subject: Re: [Snort-sigs] backdoored ssh-decorator package On 05/09/2018 04:03 PM, Y M via Snort-sigs wrote:
Hi, The below rule is derived from the reference. Simple testing with python is show below as illustrated in the screenshot in the reference.
was this thing fixed from the original(?) one? i've seen another one that misspells "password" one time... the 'w' and the 'o' are reversed... -- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list unless* *a signed and pre-paid contract is in effect with us.* _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- backdoored ssh-decorator package Y M via Snort-sigs (May 09)
- Re: backdoored ssh-decorator package wkitty42 (May 10)
- Re: backdoored ssh-decorator package Phillip Lee (May 10)
- Re: backdoored ssh-decorator package Y M via Snort-sigs (May 10)
- Re: backdoored ssh-decorator package Y M via Snort-sigs (May 10)
- Re: backdoored ssh-decorator package wkitty42 (May 10)
- Re: backdoored ssh-decorator package Phillip Lee (May 10)
- Re: backdoored ssh-decorator package wkitty42 (May 10)