[Emerging-Sigs] Request #2 - ET signature for Linux/AES.DDoS
wmetcalf at emergingthreatspro.com
Sun Sep 21 08:55:05 EDT 2014
Awesome! Thank you Rick!
On Sun, Sep 21, 2014 at 7:25 AM, Hendrik Adrian <1 at 1rik.com> wrote:
> Hello ET friends,
> Here is another request, for a blocking signature for a different
> ELF DDoS malware threat I investigated, called: Linux/AES.DDoS.
> I made a dedicated repo for this threat too, in here; feel free to
> use it as a reference:
> The complete initial connection to CNC was successfully recorded,
> please see the attached images.
> <attached 2 PNG files>
> I will send the PCAP to the email addresses noted in the Cc.
> The "VERSONEX", "Hacke\nr" and "INFO" strings are hard-coded in the
> binary and can be used for sig purposes.
> "Mbps" is also usable, but I recommend not to, since I saw versions
> not using these (the PPC or MIPS version).
> Please help to generate the signature accordingly and feel free to
> email me directly with more requests or questions.
> Best regards
> Rick of MalwareMustDie