[Emerging-Sigs] Night Dragon C&C

Nick Randolph randolphdavidn at gmail.com
Thu Feb 10 10:34:20 EST 2011


A couple rules for C&C traffic for some malware that McAfee is calling
NightDragon. They go into the C&C traffic on page 9.

http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf

alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"Night Dragon C&C Traffic - Outbound"; content:"|68 57 24|"; offset:66; classtype:trojan-activity; reference:url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf; gid:1; sid:xxxxxxxx;)

alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"Night Dragon C&C Traffic - Inbound"; content:"|68 57 24|"; offset:66; classtype:trojan-activity; reference:url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf; gid:1; sid:xxxxxxxx;)
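
Added example, not part of the original post: a Python model of the search window that content:"|68 57 24|"; offset:66; gives in Snort, compared with the same match pinned by a depth equal to the pattern length (depth is not in the posted rules). The payloads are constructed, and content_match, build_payload and evaluate are hypothetical helper names.

```python
# Added illustration (not from the original post). Models how Snort and
# Suricata pick the search window for a content match: offset counts from
# the start of the TCP payload, and without depth the search runs from
# that offset to the end of the payload.
PATTERN = bytes.fromhex("685724")  # content:"|68 57 24|" from the posted rules
OFFSET = 66                        # offset:66 from the posted rules


def content_match(payload, pattern, offset=0, depth=None):
    """Hypothetical helper: index of the first match in the window, or -1.

    The window is payload[offset:] when depth is None, otherwise
    payload[offset:offset + depth]; the pattern must fit entirely inside it.
    """
    end = len(payload) if depth is None else min(len(payload), offset + depth)
    return payload.find(pattern, offset, end)


def build_payload(marker_at, size=128):
    """Constructed sample payload: zero filler with the pattern at marker_at."""
    buf = bytearray(size)
    buf[marker_at:marker_at + len(PATTERN)] = PATTERN
    return bytes(buf)


def evaluate(marker_at):
    """Return (fires as posted, fires with depth pinned to pattern length)."""
    payload = build_payload(marker_at)
    as_posted = content_match(payload, PATTERN, OFFSET) != -1
    pinned = content_match(payload, PATTERN, OFFSET, depth=len(PATTERN)) != -1
    return as_posted, pinned


if __name__ == "__main__":
    # Pattern placed before, straddling, exactly at, and well past byte 66.
    for pos in (12, 65, 66, 100):
        print(pos, evaluate(pos))
```

The case at byte 100 is the one to note when tuning for false positives: the match as posted fires on the three bytes anywhere at or after payload byte 66, while the pinned variant fires only when they sit exactly there.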

