[Emerging-Sigs] Sigs for Possible German Governmental Backdoor / R2D2.A (Bundestrojaner)

Markus Manzke mm at mare-system.de
Tue Oct 11 14:10:11 EDT 2011


Is this the encrypted handshake attempt?

> |11 26 80 7c ff ff ff ff 00 26 80 7c 42 25 80 7c|



On 09.10.2011 15:55, Edward Fjellskål wrote:
> Maybe also:
>
>
>
> alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"German Gov is on to you! Run"; flow:from_client,established; content:"|11 26 80 7c ff ff ff ff 00 26 80 7c 42 25 80 7c|"; classtype:trojan-activity; reference:url,ccc.de/en/updates/2011/staatstrojaner; sid:123456788; rev:1;)
>
>






