Snort mailing list archives

FastPOS sig


From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 03 Jun 2016 15:48:07 -0600

Quick and dirty, sanity checked only:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS ( \
    msg:"MALWARE-OTHER FastPOS traffic detected"; \
    flow:established,to_server; \
    content:"cdosys|2e|php|3f|comdlg64|3d|"; fast_pattern:only; \
    reference:url,blog.trendmicro.com/trendlabs-security-intelligence/fastpos-quick-and-easy-credit-card-theft/; \
    classtype:trojan-activity; sid:10000131; rev:1; \
)

VT:
https://www.virustotal.com/en/file/dd1be99f612a0f72a453bc69758f4bc4f9552e27bf49baef71b43185164892b5/analysis/

James
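As an added illustration, not part of James's post, the Python below decodes the rule's `content` string (with its `|hex|` escapes) into the raw bytes Snort would search for and runs that check over a few constructed HTTP requests; the sample request lines and host name are made up for the test, and the flow/direction conditions of the rule are assumed to already hold.

```python
# Added example: decode a Snort content string and test it against sample requests.
# The content value is copied from the signature above; everything else is constructed.
SNORT_CONTENT = "cdosys|2e|php|3f|comdlg64|3d|"


def snort_content_to_bytes(content: str) -> bytes:
    """Convert a Snort content string into raw bytes.

    Segments outside '|...|' are literal text; segments inside are hex bytes.
    Splitting on '|' alternates literal / hex / literal / hex ...
    """
    out = bytearray()
    for i, chunk in enumerate(content.split("|")):
        if i % 2 == 0:
            out.extend(chunk.encode("latin-1"))  # literal text segment
        else:
            out.extend(bytes.fromhex(chunk))      # hex segment between pipes
    return bytes(out)


def matches_fastpos_rule(request: bytes) -> bool:
    """Apply the rule's content check only (flow:established,to_server assumed).

    Note: the rule has no 'nocase' modifier, so the match is case-sensitive,
    exactly as Snort would evaluate it.
    """
    return snort_content_to_bytes(SNORT_CONTENT) in request


# Constructed sample requests (not real captures); host name is a placeholder.
SAMPLES = {
    "fastpos_like": b"POST /cdosys.php?comdlg64=AAAA HTTP/1.1\r\nHost: c2.invalid\r\n\r\n",
    "benign":       b"GET /index.php?page=1 HTTP/1.1\r\nHost: www.invalid\r\n\r\n",
    "near_miss":    b"GET /cdosys.php?comdlg32=x HTTP/1.1\r\nHost: www.invalid\r\n\r\n",
    "uppercase":    b"GET /CDOSYS.PHP?COMDLG64=x HTTP/1.1\r\nHost: www.invalid\r\n\r\n",
}


def classify_samples(samples=SAMPLES) -> dict:
    """Return {sample_name: True if the rule's content would fire}."""
    return {name: matches_fastpos_rule(req) for name, req in samples.items()}


if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:13s} -> {'ALERT' if hit else 'no match'}")
```

The `uppercase` sample shows why a case variant of the URI would slip past this rule unless `nocase` is added.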

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs