[Emerging-Sigs] New CnC Sigs
Matt Jonkman
jonkman at jonkmans.com
Thu May 22 15:11:59 EDT 2008
Jeffrey Brown has put in some new signatures from a new command and
control channel discovered in a sandnet sample. No name for it yet, and
no AV detection at all. Which is very strange as the sample was
discovered and submitted to the AV community over a week ago.
MD5 of the sample in question is 50ce9d2bf24db7cc90b7fba99c413d56. And
Jeffrey has written signatures 2008245-2008247 to detect the channel.
More updates will be posted to the wiki, and we'll get a name on this
thing shortly.
Matt
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
More information about the Emerging-sigs
mailing list