Re: backdoored ssh-decorator package

[Y M via Snort-sigs <snort-sigs () lists snort org>]

I wasn't aware there was an 'original one'! If you don't mind sharing a reference, that would be great.

YM

________________________________
From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of wkitty42 () windstream net <wkitty42 () 
windstream net>
Sent: Thursday, May 10, 2018 5:24 PM
To: snort-sigs () lists snort org
Subject: Re: [Snort-sigs] backdoored ssh-decorator package

On 05/09/2018 04:03 PM, Y M via Snort-sigs wrote:
> Hi,
>
> The below rule is derived from the reference. Simple testing with python is show
> below as illustrated in the screenshot in the reference.


was this thing fixed from the original(?) one? i've seen another one that
misspells "password" one time... the 'w' and the 'o' are reversed...


--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!