[Emerging-Sigs] ABBCCoin sig

James Lay jlay at slave-tothe-box.net
Wed Feb 12 07:27:55 HST 2020


Just because: 

alert tcp any any -> any !$HTTP_PORTS (msg:"ABBCCoin Initial Connect"; flow:to_server,established; content:"_version"; within:16; content:"ABBCCoin"; within:256; classtype:trojan-activity; sid:20166313; rev:1; reference:md5,77ec579347955cfa32f219386337f5bb; metadata:created_at 2020_02_12;)

James