List: emerging-sigs
Subject: Re: [Emerging-Sigs] Monero coin mining malware
From: Jason Williams <jwilliams () emergingthreats ! net>
Date: 2017-09-29 21:16:46
Message-ID: CAPpdu9HEK-2VLSO_CSN=aqTB-O+gkDgJJ-bM8AeTC4KVwemc7Q () mail ! gmail ! com
David,
We'll get these sigs into QA for next week.
Thanks!
Jason
On Fri, Sep 29, 2017 at 3:28 PM, David <lists@edeca.net> wrote:
> Hi,
>
> Some quick and dirty Suricata policy rules that we've found useful in
> detecting some Monero malware.
>
> https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2017_09_monero_malware.txt
>
> We've been using these for a week now, ESET have published some more
> detail about the malware at
> https://www.welivesecurity.com/2017/09/28/monero-money-mining-malware/
>
> Cheers,
>
> David
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs@lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>