[Snort-sigs] Snort sigs for BlackEnergy v3 / lite

Joel Esler (jesler) jesler at ...3865...
Fri Oct 10 13:50:39 EDT 2014


Yes. We are working on this issue currently.

Joel Esler
Open Source Manager
Threat Intelligence Team Lead

> On Oct 10, 2014, at 10:57 AM, waldo kitty <wkitty42 at ...3507...> wrote:
> On 10/10/2014 9:23 AM, David Bryant wrote:
>> Are there any signatures to detect the newer variants of BlackEnergy
>> (i.e. v3 / lite) or any being written other than from Emerging Threats?
>> I did not see any from Sourcefire VRT, but thought I'd ask in case I
>> missed them or they are under a different name.
> please don't hijack an existing thread for a new topic... many who might be able 
> to help might have that thread blocked and would miss your post... you should 
> post your topic as a new message to get the widest viewing...
> https://github.com/vrtadmin/snort-faq/blob/master/Lists/What-is-the-mailing-list-nettiquete.md
> i can't help with your question... maybe others can if/when they find your new 
> topic...
> -- 
>  NOTE: No off-list assistance is given without prior approval.
>        Please *keep mailing list traffic on the list* unless
>        private contact is specifically requested and granted.
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> Please visit http://blog.snort.org for the latest news about Snort!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20141010/65b60a40/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4881 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20141010/65b60a40/attachment.bin>

More information about the Snort-sigs mailing list