[Snort-sigs] More APT1 info that needs to be made into snort rules

Barry Weymes weymes at ...1166...
Mon Mar 4 08:49:12 EST 2013


I came across a Symantec report today: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf

I was wondering if the information within it was made into a VRT rule. However, disappointingly, I can't see any of it being made into rules.

I'm also not sure if this is the right place to be bringing this issue up. Can someone recommend a person within Sourcefire that would have knowledge about the rule generation process?


Barry Weymes, MSc. SSCP

Cybercrime Specialist  | weymes at ...1166...<mailto:weymes at ...1166...>|  Linkedin<http://www.linkedin.com/profile/view?id=43157458>


Olof Palmestraat 6, Delft

P.O. Box 638, 2600 AP Delft

The Netherlands

+31 (0)15 284 79 62


Chamber of Commerce Haaglanden (No. 27301624).
