[prev in list] [next in list] [prev in thread] [next in thread] 

List:       emerging-sigs
Subject:    Re: [Emerging-Sigs] Monero coin mining malware
From:       Jason Williams <jwilliams () emergingthreats ! net>
Date:       2017-09-29 21:16:46
Message-ID: CAPpdu9HEK-2VLSO_CSN=aqTB-O+gkDgJJ-bM8AeTC4KVwemc7Q () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


David,

We'll get these sigs into QA for next week.

Thanks!

Jason

On Fri, Sep 29, 2017 at 3:28 PM, David <lists@edeca.net> wrote:

> Hi,
>
> Some quick and dirty Suricata policy rules that we've found useful in
> detecting some Monero malware.
>
> https://github.com/nccgroup/Cyber-Defence/blob/master/Signat
> ures/suricata/2017_09_monero_malware.txt
>
> We've been using these for a week now, ESET have published some more
> detail about the malware at https://www.welivesecurity.com
> /2017/09/28/monero-money-mining-malware/
>
> Cheers,
>
> David
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs@lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>

[Attachment #5 (text/html)]

<div dir="ltr">David,<div><br></div><div>We&#39;ll get these sigs into QA for next \
week.  </div><div><br></div><div>Thanks!</div><div><br></div><div>Jason</div></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 29, 2017 at 3:28 PM, \
David <span dir="ltr">&lt;<a href="mailto:lists@edeca.net" \
target="_blank">lists@edeca.net</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi,<br> <br>
Some quick and dirty Suricata policy rules that we&#39;ve found useful in detecting \
some Monero malware.<br> <br>
<a href="https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2017_09_monero_malware.txt" \
rel="noreferrer" target="_blank">https://github.com/nccgroup/Cy<wbr>ber-Defence/blob/master/Signat<wbr>ures/suricata/2017_09_monero_<wbr>malware.txt</a><br>
 <br>
We&#39;ve been using these for a week now, ESET have published some more detail about \
the malware at <a href="https://www.welivesecurity.com/2017/09/28/monero-money-mining-malware/" \
rel="noreferrer" target="_blank">https://www.welivesecurity.com<wbr>/2017/09/28/monero-money-minin<wbr>g-malware/</a><br>
 <br>
Cheers,<br>
<br>
David<br>
______________________________<wbr>_________________<br>
Emerging-sigs mailing list<br>
<a href="mailto:Emerging-sigs@lists.emergingthreats.net" \
target="_blank">Emerging-sigs@lists.emergingth<wbr>reats.net</a><br> <a \
href="https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs" \
rel="noreferrer" target="_blank">https://lists.emergingthreats.<wbr>net/mailman/listinfo/emerging-<wbr>sigs</a><br>
 <br>
Support Emerging Threats! Subscribe to Emerging Threats Pro <a \
href="http://www.emergingthreats.net" rel="noreferrer" \
target="_blank">http://www.emergingthreats.net</a><br> <br>
</blockquote></div><br></div>


[Attachment #6 (text/plain)]

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net



[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic