Snort mailing list archives

More APT1 info that needs to be made into snort rules


From: Barry Weymes <weymes () fox-it com>
Date: Mon, 4 Mar 2013 14:49:12 +0100

Hello,



I came across a Symantec report today: 
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf

I was wondering if the information within it was made into a VRT rule. However, disappointingly I can't see any of it being made into rules.



I'm also not sure if this is the right place to be bringing this issue up. Can someone recommend a person within Sourcefire that would have knowledge about the rule generation process?



Cheers

Barry Weymes, MSc. SSCP



Cybercrime Specialist | weymes () fox-it com | Linkedin<http://www.linkedin.com/profile/view?id=43157458>





Olof Palmestraat 6, Delft

P.O. Box 638, 2600 AP Delft

The Netherlands

+31 (0)15 284 79 62

FOX-IT.COM<http://www.fox-it.com/>



Chamber of Commerce Haaglanden (No. 27301624).



_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

