Snort mailing list archives
APT - Backdoor:W32/Wonknu.A - Error correction
From: Lenny Hansson <security () netcowboy dk>
Date: Thu, 26 Nov 2015 18:20:01 +0100
Correction for rule SID: 5019106 and 5019107.
Wrong domains. My bad.

alert udp $HOME_NET any -> any 53 (msg:"NF - APT - W32/Wonknu.A - DNS Lookup (sft.spiritaero.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|03|sft|0a|spiritaero|03|com"; nocase; distance:0; fast_pattern; reference:url,http://networkforensic.dk/; reference:url,https://labsblog.f-secure.com/2015/11/24/wonknu-a-spy-for-the-3rd-asean-us-summit/; metadata:26112015 Priority:1; sid:5019106; rev:1;)

alert udp $HOME_NET any -> any 53 (msg:"NF - APT - W32/Wonknu.A - DNS Lookup (arc.asean.org)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|03|arc|05|asean|03|org"; nocase; distance:0; fast_pattern; reference:url,http://networkforensic.dk/; reference:url,https://labsblog.f-secure.com/2015/11/24/wonknu-a-spy-for-the-3rd-asean-us-summit/; metadata:26112015 Priority:1; sid:5019107; rev:1;)

--
Venlig hilsen / Best Regards
Lenny Hansson
***********************************
Mobile: +45 42 71 49 01
Web: networkforensic.dk
***********************************
E-mail: security () netcowboy dk
Key-ID: 1527E63D
***********************************
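Added example, not part of the original post and not the author's code: a Python check that mirrors the two content matches of the rules above against constructed DNS query payloads. The helper names (`qname`, `rule_content`, `build_query`, `rule_matches`) and the `example.org` test name are assumptions made for illustration; the check also shows that a query carrying an EDNS0 OPT record (ARCOUNT=1) does not satisfy the fixed header bytes, and that `distance:0` lets subdomains match.

```python
import struct

# First content of both rules: flags 0x0100 (standard query, RD set),
# QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0; anchored by offset:2 and depth:10.
HEADER = bytes.fromhex("01000001000000000000")

def qname(domain):
    """Encode a domain as length-prefixed DNS labels, without the root byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in domain.split("."))

def rule_content(domain):
    """Render the name in Snort content syntax, e.g. |03|arc|05|asean|03|org."""
    return "".join("|%02x|%s" % (len(l), l) for l in domain.split("."))

def build_query(domain, txid=0x1234, edns=False):
    """Constructed DNS A query (UDP payload only), used as test input."""
    hdr = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    pkt = hdr + qname(domain) + b"\x00" + struct.pack(">HH", 1, 1)
    if edns:  # minimal OPT pseudo-record: root name, type 41, UDP size 4096
        pkt += b"\x00" + struct.pack(">HHIH", 41, 4096, 0, 0)
    return pkt

def rule_matches(payload, domain):
    """Mimic the two content checks of one rule against a UDP payload."""
    if payload[2:12] != HEADER:  # offset:2; depth:10 -> exactly bytes 2..11
        return False
    # distance:0 -> search anywhere after the header match; nocase
    return qname(domain).lower() in payload[12:].lower()

if __name__ == "__main__":
    for name in ("sft.spiritaero.com", "arc.asean.org"):
        print(rule_content(name))
        for label, pkt in (
            ("plain query", build_query(name)),
            ("mixed case", build_query(name.upper())),
            ("subdomain", build_query("x." + name)),
            ("with EDNS0", build_query(name, edns=True)),
            ("other name", build_query("example.org")),
        ):
            print("  %-12s match=%s" % (label, rule_matches(pkt, name)))
```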