[Emerging-Sigs] [Snort-sigs] ABBCCoin sig

Jason Taylor jastaylor at emergingthreats.net
Wed Feb 12 10:43:00 HST 2020


Thanks James!

We will take a look and get these into QA for today.

Regards,

JT

On Wed, Feb 12, 2020 at 12:28 PM James Lay via Snort-sigs <snort-sigs at lists.snort.org> wrote:

>
> Just because:
>
> alert tcp any any -> any !$HTTP_PORTS (msg:"ABBCCoin Initial Connect";
> flow:to_server,established; content:"_version"; within:16;
> content:"ABBCCoin"; within:256; classtype:trojan-activity; sid:20166313;
> rev:1;  reference:md5,77ec579347955cfa32f219386337f5bb; metadata:created_at
> 2020_02_12;)
>
>
> James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2020-02-12 10_27_28-Wireshark · Follow TCP Stream (tcp.stream eq 18) · 7477159797a7f06e3c153662bfef6.png
Type: image/png
Size: 30554 bytes
Desc: not available
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20200212/ab662574/attachment-0001.png>
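
To check which byte positions the quoted rule's two `within` constraints accept before it goes to QA, the following added example (not part of the thread, and not Snort's matching engine) emulates the port test and the two content checks over constructed payloads. The `HTTP_PORTS` set and the sample bytes are assumptions, and the first `within:16` is assumed to be measured from the start of the payload because no earlier content match exists.

```python
# Simplified emulation of the quoted rule's port and content/within checks.
# Not modelled: flow:to_server,established, stream reassembly, fast-pattern.

HTTP_PORTS = {80, 8080}  # assumption: stand-in for the sensor's $HTTP_PORTS


def match_ends(payload, pattern, start, within):
    """Yield the end offset of every occurrence of `pattern` that lies
    wholly inside payload[start:start + within]."""
    limit = min(len(payload), start + within)
    pos = payload.find(pattern, start, limit)
    while pos != -1:
        yield pos + len(pattern)
        pos = payload.find(pattern, pos + 1, limit)


def rule_matches(payload, dst_port):
    # "-> any !$HTTP_PORTS": the rule never fires on HTTP destination ports.
    if dst_port in HTTP_PORTS:
        return False
    # content:"_version"; within:16;  (assumed relative to payload start)
    for end in match_ends(payload, b"_version", 0, 16):
        # content:"ABBCCoin"; within:256;  (relative to the end of "_version")
        if next(match_ends(payload, b"ABBCCoin", end, 256), None) is not None:
            return True
    return False


# Constructed payloads, not captured traffic.
HIT = b"\x01\x02\x03\x04_version" + b"\x00" * 20 + b"/ABBCCoin:0.0.0/"
LATE_FIRST = b"\x00" * 9 + b"_version" + b"ABBCCoin"       # "_version" ends at byte 17
EDGE_OK = b"_version" + b"\x00" * 248 + b"ABBCCoin"        # second match ends exactly at 256
TOO_FAR = b"_version" + b"\x00" * 249 + b"ABBCCoin"        # one byte past the window
WRONG_CASE = b"\x01\x02\x03\x04_VERSION" + b"ABBCCoin"     # no nocase in the rule

if __name__ == "__main__":
    for name in ("HIT", "LATE_FIRST", "EDGE_OK", "TOO_FAR", "WRONG_CASE"):
        print(name, rule_matches(globals()[name], 12345))
```
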

