Re: Help Writing a snort signature

[Lawrence Belyeu <lbelyeu71 () gmail com>]

I may have to send you so far what I have written even though I'm not sure
that will work.

On Aug 16, 2016 11:06 PM, "Y M" <snort () outlook com> wrote:

> Do you have a specific file hash or pcap? This would greatly help.
>
>
> Judging from google searches, one sample might be of interest (
> a2dc261893d9ccb4be571b0ef6b52a40) and is probably for the downloader and
> not the backdoor itself. In this case you can use the URIs to write
> signatures against. Though URIs alone may not provide accurate detection or
> you may end writing a signature for each URI variant/pattern. It would be
> nice to have additional information to use.
>
>
> YM
> ------------------------------
> *From:* Lawrence Belyeu <lbelyeu71 () gmail com>
> *Sent:* Wednesday, August 17, 2016 6:28:00 AM
> *To:* snort-sigs () lists sourceforge net
> *Subject:* [Snort-sigs] Help Writing a snort signature
>
> Folks, i'm having a hard time writing a signature I need for my job. Its
> in relation to Symantec Security Response signature for Trojan.Zekapab and
> Backdoor.Zekapab?
> Can someone please point me where I can get help in writing this. I have
> the sheet to help decipher what to input for signatures.
>
> Please help thanks
> Lawrence
------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!