[Emerging-Sigs] observation on 2008041 and 2008042
Jack Pepper
pepperjack at afferentsecurity.com
Wed Mar 26 07:00:54 EST 2008
Quoting Matt Jonkman <jonkman at jonkmans.com>:
> I'm currently looking at 6 different and new UDP c&c's in teh
> sandnet. Still trying to find patterns to make sigs. Several we've
> already released sigs for (medbod, etc).
>
> No other sigs hit there I assume?
>
> You able to give me a full pcap? Might help correlate to existing samples.
It was all caused by status updates in Hamachi. No hupigon.
jp
--
Framework? I don't need no stinking framework!
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
More information about the Emerging-sigs
mailing list