Home | About Us | FAQ | Signature Downloads | All Projects | Submit a Signature | Mailing Lists | Feeds | Open Job Board | Sponsors | Documentation

  • RSS Latest Docs

    • 2003394
    • SnortConfSamples
    • FastFluxDNSResponseDetection
    • 2007634
    • DilipPatel
    • TestTest123
    • 2003642
    • 2007588
    • 2007688
    • 2007706

  • RSS Latest Sigs

    • VIRUS/TROJAN_PRG
    • VIRUS/TROJAN_Win32.Pakes
    • current-sids.txt
    • CURRENT_EVENTS/CURRENT_WPAD
    • current-sids.txt
    • CURRENT_EVENTS/CURRENT_WPAD
    • current-sids.txt
    • WEB/WEB_Neosploit
    • current-sids.txt
    • VIRUS/TROJAN_Win32.Pakes

  • Recent Comments

    • Buck on Guard.zip Phish, Very targeted, Sig Available
    • Lance on Guard.zip Phish, Very targeted, Sig Available
    • akgunk on Guard.zip Phish, Very targeted, Sig Available
    • Bill475382635','199440348billy@msn.com','','20.134.10.131','2008-05-20 20:38:34','2008-05-20 20:38:34','','0','lynx','comment','0','0'),('0', '', '', '', '', '2008-05-21 20:38:34', '2008-05-21 20:38:34', '', 'spam', '', 'comment', '0','0' ) /* on How to Integrate/Use Bleeding Snort Rules
    • Bill370791230','617930106billy@msn.com','','104.199.69.73','2008-05-20 20:03:22','2008-05-20 20:03:22','','0','lynx','comment','0','0'),('0', '', '', '', '', '2008-05-21 20:03:22', '2008-05-21 20:03:22', '', 'spam', '', 'comment', '0','0' ) /* on How to Integrate/Use Bleeding Snort Rules

  • Recent Posts

    • Rule & Firewall Updates Re-enabled
    • I’m Leaving Bleeding Threats!
    • Encrypted Storm Sigs
    • Windows 98 Snort Signature
    • E-Jihad Tool Sigs
    • « Don’t Overlook the Snort.conf Samples project
    New MS DNS Vulnerability! »

    Bandook Trojan Sigs Posted

    Ran into an interesting use of Bandook, so put the time into some sigs for the last two versions of it, 1.2 and 1.35.

    They’re available here:

    http://doc.bleedingthreats.net/bin/view/Main/WebSearch?search=bandook

    And an overview page for the set:

    http://doc.bleedingthreats.net/bin/view/Main/TrojanBandook

    As always, please let me know about any false positives.

    Matt

    This entry was posted on Thursday, April 12th, 2007 at 3:42 pm and is filed under General, New Rules. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    Leave a Reply

    You must be logged in to post a comment.

    Entries (RSS) and Comments (RSS)
    Copyright © 2007 Bleeding Edge Threats.
    All trademarks and copyrights on this page are owned by their respective owners. Snort® is a registered trademark of Sourcefire, Inc.