[Emerging-Sigs] [Snort-sigs] ABBCCoin sig

James Lay jlay at slave-tothe-box.net
Thu Feb 13 08:55:51 HST 2020


Thanks Joel!

On 2020-02-13 10:17, Joel Esler (jesler) wrote:
> Thanks James,
> 
> We have a ticket open in our system! Thanks for the contribution.
> 
> --
> 
> Joel Esler
> 
> Manager, Communities Division
> 
> Cisco Talos Intelligence Group
> 
> http://www.talosintelligence.com
> 
> FROM: Snort-sigs <snort-sigs-bounces at lists.snort.org> on behalf of
> James Lay via Snort-sigs <snort-sigs at lists.snort.org>
> REPLY-TO: "jlay at slave-tothe-box.net" <jlay at slave-tothe-box.net>
> DATE: Wednesday, February 12, 2020 at 12:30 PM
> TO: Snort-Sigs <snort-sigs at lists.snort.org>, emerging-sigs
> <emerging-sigs at emergingthreats.net>
> SUBJECT: [Snort-sigs] ABBCCoin sig
> 
> Just because:
> 
> alert tcp any any -> any !$HTTP_PORTS (msg:"ABBCCoin Initial Connect";
> flow:to_server,established; content:"_version"; within:16;
> content:"ABBCCoin"; within:256; classtype:trojan-activity;
> sid:20166313; rev:1;  reference:md5,77ec579347955cfa32f219386337f5bb;
> metadata:created_at 2020_02_12;)
> 
> James

