[Snort-sigs] [Emerging-Sigs] Mandiant APT1 Report

Christopher Granger chrisgrangerx at ...2420...
Wed Feb 20 19:19:51 EST 2013


There's also a lot of overlap between Appendix D and:


   - http://pastebin.com/yKSQd5Z5
   - http://www.secureworks.com/research/threats/htran/


VRT released nearly 800 rules to cover DNS lookups of these domains back in
May, 2012 (SIDs 1:22116 - 1:22914)

Best,
-Chris

On Tue, Feb 19, 2013 at 4:23 PM, Joel Esler <jesler at ...435...> wrote:

>  We have some rules coming out in today's package for this, more coming.
>
> --
>
> Joel Esler
> Senior Research Engineer, VRT
> Open Source Community Manager
>
> On Tuesday, February 19, 2013 at 11:59 AM, James Lay wrote:
>
> Enlightening...the FQDN and Certs Appendices are interesting as well:
>
> http://intelreport.mandiant.com/
>
> James