Re: [Emerging-Sigs] FastPOS sig

[Jason Williams <jwilliams () emergingthreats net>]

Thanks for the share James!

We'll get a variant of this into QA shortly.

Thanks,

Jason



On Fri, Jun 3, 2016 at 4:48 PM, James Lay <jlay () slave-tothe-box net> wrote:

> Quick and dirty, sanity checked only:
>
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-OTHER
> FastPOS traffic detected"; flow:established,to_server;
> content:"cdosys|2e|php|3f|comdlg64|3d|"; fast_pattern:only; reference:url,
> blog.trendmicro.com/trendlabs-security-intelligence/fastpos-quick-and-easy-credit-card-theft/;
> classtype:trojan-activity; sid:10000131; rev:1;)
>
> VT:
>
> https://www.virustotal.com/en/file/dd1be99f612a0f72a453bc69758f4bc4f9552e27bf49baef71b43185164892b5/analysis/
>
> James
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs () lists emergingthreats net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!