[Snort-sigs] Ebury SSH Rootkit sig.

Y M snort at ...3751...
Sat Feb 15 13:05:12 EST 2014


Hi Joel, 
 
I am NOT the author of the rule. I was reading the article in hope to find something to sig on and I found the rule written already. cert-bund.de are the authors.
 
YM
 
From: jesler at ...3865...
To: snort at ...3751...
CC: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] Ebury SSH Rootkit sig.
Date: Sat, 15 Feb 2014 18:02:03 +0000

Did you author the rule?  

--Joel EslerSent from my iPhone
On Feb 15, 2014, at 10:17, "Y M" <snort at ...3751...> wrote:



The sig is provided/available at https://www.cert-bund.de/ebury-faq, near the end of the page.
 
YM
 
 
 		 	   		  
------------------------------------------------------------------------------
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience.  Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort! 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140215/f0f8b54c/attachment.html>


More information about the Snort-sigs mailing list