Re: backdoored ssh-decorator package

[wkitty42 () windstream net]

On 05/10/2018 12:31 PM, Y M via Snort-sigs wrote:
> I wasn't aware there was an 'original one'! If you don't mind sharing a 
> reference, that would be great.


i don't know if it is original or not... i saw it posted on twitter...

[lottsa time passes]

waded and waded and waded back through my twitter feed to try to find what i had 
seen... i didn't find it but i found something related that shows it... here's 
the pic from the article... look closely at the bottom red box and the red arrow...


https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/05/Python-SSH-Backdoor-2.png?ssl=1


it may be that that is not transmitted over the wire? i saw someone else comment 
about it in twitter and had to go back and look closer to see it... then a few 
hours later i see your post in here about the same thing ;)



--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" 
https://snort.org/downloads/#rule-downloads";>emerging threats</a>!