[Emerging-Sigs] [Snort-sigs] ABBCCoin sig

Joel Esler (jesler) jesler at cisco.com
Thu Feb 13 07:17:58 HST 2020

Thanks James,


We have a ticket open in our system!  Thanks for the contribution.



Joel Esler

Manager, Communities Division

Cisco Talos Intelligence Group



From: Snort-sigs <snort-sigs-bounces at lists.snort.org> on behalf of James Lay via Snort-sigs <snort-sigs at lists.snort.org>
Reply-To: "jlay at slave-tothe-box.net" <jlay at slave-tothe-box.net>
Date: Wednesday, February 12, 2020 at 12:30 PM
To: Snort-Sigs <snort-sigs at lists.snort.org>, emerging-sigs <emerging-sigs at emergingthreats.net>
Subject: [Snort-sigs] ABBCCoin sig



Just because:


alert tcp any any -> any !$HTTP_PORTS (msg:"ABBCCoin Initial Connect"; flow:to_server,established; content:"_version"; within:16; content:"ABBCCoin"; within:256; classtype:trojan-activity; sid:20166313; rev:1;  reference:md5,77ec579347955cfa32f219386337f5bb; metadata:created_at 2020_02_12;)
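
The content-matching logic of the rule above, emulated over constructed payloads to show where its boundaries fall (an added example, not part of the original posts and not Snort's own code). It assumes `within:16` on the first `content` is measured from the start of the payload, uses a made-up stand-in for `$HTTP_PORTS`, and does not model `flow:to_server,established`; the payload bytes are constructed, not captured ABBCCoin traffic.

```python
# Emulates only the two content matches and the port exclusion of the posted rule.
HTTP_PORTS = {80, 8080}  # assumption: stand-in for the sensor's $HTTP_PORTS variable


def find_all(data: bytes, pattern: bytes, start: int, end: int):
    """Yield the end offset of every occurrence of pattern lying wholly in data[start:end]."""
    end = min(end, len(data))
    pos = data.find(pattern, start, end)
    while pos != -1:
        yield pos + len(pattern)
        pos = data.find(pattern, pos + 1, end)


def rule_matches(payload: bytes, dst_port: int) -> bool:
    """Return True if the payload would satisfy the rule's port and content options."""
    if dst_port in HTTP_PORTS:  # -> any !$HTTP_PORTS
        return False
    # content:"_version"; within:16;  (assumed relative to payload start)
    for cursor in find_all(payload, b"_version", 0, 16):
        # content:"ABBCCoin"; within:256;  (relative to the end of the previous match)
        if next(find_all(payload, b"ABBCCoin", cursor, cursor + 256), None) is not None:
            return True
    return False


# Constructed sample payloads.
SAMPLES = {
    "hit": b"\x00" * 4 + b"_version" + b"\x00" * 40 + b"/ABBCCoin/",
    # "_version" would end at byte 17, one past the 16-byte window.
    "keyword_too_late": b"\x00" * 9 + b"_version" + b"/ABBCCoin/",
    # "ABBCCoin" ends exactly 256 bytes after "_version": still inside the window.
    "agent_at_edge": b"_version" + b"\x00" * 248 + b"ABBCCoin",
    # One more byte of padding pushes it out of the window.
    "agent_too_far": b"_version" + b"\x00" * 249 + b"ABBCCoin",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:18} port 8334 -> {rule_matches(payload, 8334)}")
    print(f"{'hit':18} port 80   -> {rule_matches(SAMPLES['hit'], 80)}")
```
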



