Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is there a signature for the Taidoor malware?

From: Tony Robinson <deusexmachina667 () gmail com>
Date: Mon, 10 Dec 2012 00:17:55 -0500
http://www.snort.org/search/sid/20204

cheers.

it appears to be a GID 1 rule meaning that the rule is plaintext so you can
see what it is the rule keys on for alerting.

Additionally the metadata should contain URLS for you to reference to.

-DA

On Sun, Dec 9, 2012 at 11:36 PM, Eric Dorman <edorman11 () gmail com> wrote:


Hello,

I am new to doing signatures and I was wondering if there was a
signature for the Taidoor malware already in Snort?

I am especially interested in the C&C communication techniques with
malware and so I just wanted to ask the above question.

Thanks,
Eric


------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!





-- 
when does reality end? when does fantasy begin?

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: