Snort mailing list archives

Re: APTs snort rules


From: "Joel Esler (jesler) via Snort-sigs" <snort-sigs () lists snort org>
Date: Tue, 7 Jan 2020 20:42:12 +0000

Hey Males,

While we don't label our rules "APT13 protection!", our rules are named and written towards the malware they defend you 
from or the vulnerabilities that are being exploited.  The ruleset is available from Snort.org (http://Snort.org), and 
if you don't mind being 30 days behind-the-times, it's free for use.


--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

On Jan 7, 2020, at 3:28 PM, Males Officials <malek () hemayate com> wrote:


Dears,
Can you please share any rule related to APT groups that can be detected at the network level, whether malware or command 
and control behavior?
Malek Al-Dossary
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most 
emerging threats (https://snort.org/downloads/#rule-downloads)!
