[Emerging-Sigs] Removed Rules
jcallcott at emergingthreats.net
Fri Mar 13 06:15:29 HDT 2020
I disabled this signature back in November due to it firing on legitimate
wake-on-lan packets. Ryuk didn't appear to do anything special to
distinguish its WoL usage from the usual/legitimate WoL packets.
On Fri, Mar 13, 2020 at 12:45 PM Dave Slaughter <dslaughter at qualys.com>
> 11/8/19 2028943 - ET TROJAN Ryuk Wake-on-LAN Packet Observed
> (trojan.rules) was removed. Does anyone know the reason?
> *Dave *
> This message may contain confidential and privileged information. If it
> has been sent to you in error, please reply to advise the sender of the
> error and then immediately delete it. If you are not the intended
> recipient, do not read, copy, disclose or otherwise use this message. The
> sender disclaims any liability for such unauthorized use. NOTE that all
> incoming emails sent to Qualys email accounts will be archived and may be
> scanned by us and/or by external service providers to detect and prevent
> threats to our systems, investigate illegal or inappropriate behavior,
> and/or eliminate unsolicited promotional emails (“spam”). If you have any
> concerns about this process, please contact us.
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> Support Emerging Threats! Subscribe to Emerging Threats Pro
Security Researcher | ProofPoint Inc | Emerging Threats Team
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Emerging-sigs