[Emerging-Sigs] Request #2 - ET signature for Linux/AES.DDoS

Will Metcalf wmetcalf at emergingthreatspro.com
Sun Sep 21 08:55:05 EDT 2014

Awesome! Thank you Rick!



On Sun, Sep 21, 2014 at 7:25 AM, Hendrik Adrian <1 at 1rik.com> wrote:

> Hello ET friends,
> Here is another request, for the blocking signature to the different
> ELF DDoS threat malware I investigated, called: Linux/AES.DDoS.
> I made a dedicated repo for this threat too, here; feel free to
> use it as reference:
> http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
> The complete initial connection to the CNC was successfully recorded;
> please see the attached images.
> <attached 2 PNG files>
> I will send the PCAP to the email addresses noted in the Cc.
> The "VERSONEX", "Hacke\nr", "INFO" are strings hard coded in the
> binary and can be used for sig purposes.
> "Mbps" is also usable, but I recommend not to, since I saw versions
> not using it (the PPC or MIPS version).
> Please help to generate the signature accordingly and feel free to
> email me directly for more requests or questions.
> Best regards,
> Rick of MalwareMustDie
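The request above names three hard-coded strings ("VERSONEX", "Hacke\nr", "INFO") as safe anchors for a check-in signature and warns that "Mbps" is missing from the PPC/MIPS builds. The following is an added example written for this thread, not code from the list, from ET, or from the kernelmode repo: a small Python matcher that applies exactly that logic to captured payloads (all three strings required, "Mbps" optional and only reported), plus a helper that renders each string as a Snort/Suricata `content:` keyword so the embedded newline becomes `|0a|`. The sample payloads are constructed; the thread does not show the wire format, so their layout is an assumption, and the page's "Hacke\nr" is taken to mean a literal newline inside the string.

```python
"""Check-in matcher for the strings listed in the Linux/AES.DDoS request.

Added example, not part of the mailing-list thread. Assumptions:
  * the check-in is one outbound TCP payload carrying the hard-coded
    strings; its exact layout is not shown on the page;
  * "Hacke\\nr" on the page means "Hacke" + newline + "r";
  * "Mbps" may be absent (PPC/MIPS builds), so it is never required.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Strings the request says are hard coded in every build.
REQUIRED: Tuple[bytes, ...] = (b"VERSONEX", b"Hacke\nr", b"INFO")
# Present in some builds only; reported but never required for a match.
OPTIONAL: Tuple[bytes, ...] = (b"Mbps",)


@dataclass(frozen=True)
class Verdict:
    matched: bool                      # all REQUIRED tokens present
    required_hits: Tuple[bytes, ...]   # which required tokens were seen
    optional_hits: Tuple[bytes, ...]   # which optional tokens were seen


def inspect_payload(payload: bytes) -> Verdict:
    """Classify one TCP payload using exact byte matches of the tokens."""
    req = tuple(tok for tok in REQUIRED if tok in payload)
    opt = tuple(tok for tok in OPTIONAL if tok in payload)
    return Verdict(matched=len(req) == len(REQUIRED),
                   required_hits=req, optional_hits=opt)


def scan_flows(flows: Iterable[Tuple[str, str, bytes]]) -> List[Tuple[str, str, Verdict]]:
    """Return (src, dst, verdict) for every flow whose payload matches."""
    hits = []
    for src, dst, payload in flows:
        v = inspect_payload(payload)
        if v.matched:
            hits.append((src, dst, v))
    return hits


def to_rule_content(token: bytes) -> str:
    """Render a token as a Snort/Suricata content keyword.

    Printable ASCII passes through; bytes that are non-printable or that
    the rule language reserves (; " \\ |) are emitted as |hh| hex runs,
    so the newline inside "Hacke\\nr" becomes |0a|.
    """
    out: List[str] = []
    hexrun: List[int] = []

    def flush() -> None:
        if hexrun:
            out.append("|" + " ".join(f"{b:02x}" for b in hexrun) + "|")
            hexrun.clear()

    for b in token:
        if 0x20 <= b <= 0x7E and chr(b) not in ';"\\|':
            flush()
            out.append(chr(b))
        else:
            hexrun.append(b)
    flush()
    return 'content:"' + "".join(out) + '";'


# Constructed sample flows (src, dst, payload); layout is an assumption.
SAMPLES: List[Tuple[str, str, bytes]] = [
    ("10.0.0.5:4321", "203.0.113.7:8080",
     b"VERSONEX:Linux-x86|Hacke\nr|INFO|100Mbps"),      # build that reports Mbps
    ("10.0.0.6:4322", "203.0.113.7:8080",
     b"VERSONEX:Linux-mips|Hacke\nr|INFO"),             # PPC/MIPS style, no Mbps
    ("10.0.0.7:4323", "203.0.113.7:8080",
     b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),  # benign traffic
    ("10.0.0.8:4324", "203.0.113.7:8080",
     b"Hacker INFO 100Mbps"),                           # near miss: no newline, no VERSONEX
]

if __name__ == "__main__":
    for src, dst, v in scan_flows(SAMPLES):
        print(f"{src} -> {dst}: required={v.required_hits} optional={v.optional_hits}")
    for tok in REQUIRED:
        print(to_rule_content(tok))
```

Running the block flags the first two flows only: the MIPS-style payload matches without "Mbps", the benign request does not, and the near miss fails because "Hacker" is not the byte sequence "Hacke", newline, "r". The `to_rule_content` output shows why that newline has to be written as `|0a|` rather than typed into a rule; the sid, direction and flow options of a real ET rule are not on this page and are left to the rule author.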