Snort: Difference between revisions

From SchnallIchNet

Current revision as of 27 March 2013, 15:22

My rules

Some rules I wrote.


Android Trojans

Some rules for Android trojans.


Android Trojan 01

Ref: https://www.securelist.com/en/blog/208194186/Android_Trojan_Found_in_Targeted_Attack

Replace <MyPhoneNumber> and <MyWifesPhonenumber> with the real numbers before loading the rules. The first two rules look for the number in the request URI only: uricontent inspects the normalised HTTP URI buffer, not the request body, so they will not fire if the trojan uploads the number inside a POST body (that would need content with the http_client_body modifier; Snort 3 replaces uricontent with the http_uri sticky buffer). The third rule alerts on every established client-to-server TCP connection to 64.78.161.133, the C&C address from the reference above, so it will also fire on unrelated traffic if that address is ever reused, hence "May be inaccurate". A rule must be on a single line, or continued with a trailing backslash as below.

Rules:

# check my phone number
alert tcp any any -> any any (msg:"Trojan Activity on SGS2-Mine (Android)"; \
    flow:established,from_client; uricontent:"<MyPhoneNumber>"; nocase; \
    reference:url,www.securelist.com/en/blog/208194186/Android_Trojan_Found_in_Targeted_Attack; \
    classtype:trojan-activity; sid:9000001; rev:1;)
# check wife's phone number
alert tcp any any -> any any (msg:"Trojan Activity on SGS2-Wife (Android)"; \
    flow:established,from_client; uricontent:"<MyWifesPhonenumber>"; nocase; \
    reference:url,www.securelist.com/en/blog/208194186/Android_Trojan_Found_in_Targeted_Attack; \
    classtype:trojan-activity; sid:9000002; rev:1;)
# check connection to C&C server
alert tcp any any -> 64.78.161.133 any (msg:"Trojan Activity to C&C server (Android). May be inaccurate"; \
    flow:established,from_client; \
    reference:url,www.securelist.com/en/blog/208194186/Android_Trojan_Found_in_Targeted_Attack; \
    classtype:trojan-activity; sid:9000003; rev:1;)
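To see what the three rules above actually catch, here is an added example (not part of the original page and not Snort itself): a small Python evaluator that understands just the rule options these rules use (flow, uricontent, content, http_client_body, nocase, sid) and runs them over constructed HTTP requests. The phone numbers, hostnames and request contents are made up for the example; the placeholders are filled with those fake numbers, and the reference/classtype options are left out because they play no part in matching. A fourth rule, sid 9000004, is an added variant that matches the number in the POST body and is not on the page.

```python
import re

# Constructed (fake) numbers standing in for the <MyPhoneNumber> and
# <MyWifesPhonenumber> placeholders in the rules above.
MY_NUMBER = "+4915112345678"
WIFE_NUMBER = "+4915198765432"
CNC_IP = "64.78.161.133"  # the C&C address used by the page's third rule

PAGE_RULES = [
    'alert tcp any any -> any any (msg:"Trojan Activity on SGS2-Mine (Android)"; '
    'flow:established,from_client; uricontent:"' + MY_NUMBER + '"; nocase; '
    'classtype:trojan-activity; sid:9000001; rev:1;)',
    'alert tcp any any -> any any (msg:"Trojan Activity on SGS2-Wife (Android)"; '
    'flow:established,from_client; uricontent:"' + WIFE_NUMBER + '"; nocase; '
    'classtype:trojan-activity; sid:9000002; rev:1;)',
    'alert tcp any any -> ' + CNC_IP + ' any (msg:"Trojan Activity to C&C server (Android). May be inaccurate"; '
    'flow:established,from_client; classtype:trojan-activity; sid:9000003; rev:1;)',
]

# Added variant (not on the page): same number, but matched in the HTTP
# request body instead of the URI, so an upload in a POST body is caught too.
BODY_RULE = (
    'alert tcp any any -> any any (msg:"Trojan Activity on SGS2-Mine, number in POST body (Android)"; '
    'flow:established,from_client; content:"' + MY_NUMBER + '"; http_client_body; '
    'classtype:trojan-activity; sid:9000004; rev:1;)'
)

HEADER_RE = re.compile(r"^alert\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
OPTION_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')


def parse_rule(text):
    """Parse the subset of Snort rule syntax the rules on this page use."""
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError("unsupported rule header: " + text)
    proto, src, sport, dst, dport, opts = m.groups()
    rule = {"proto": proto, "dst": dst, "flow": set(), "matches": [], "sid": None, "msg": ""}
    for name, value in OPTION_RE.findall(opts):
        value = value.strip('"')
        if name == "msg":
            rule["msg"] = value
        elif name == "sid":
            rule["sid"] = int(value)
        elif name == "flow":
            rule["flow"] = {f.strip() for f in value.split(",")}
        elif name == "uricontent":                 # searches only the URI buffer
            rule["matches"].append({"buf": "uri", "pat": value, "nocase": False})
        elif name == "content":                    # plain content: whole request payload
            rule["matches"].append({"buf": "raw", "pat": value, "nocase": False})
        elif name == "http_client_body":           # modifier for the preceding content
            rule["matches"][-1]["buf"] = "body"
        elif name == "http_uri":
            rule["matches"][-1]["buf"] = "uri"
        elif name == "nocase":
            rule["matches"][-1]["nocase"] = True
    return rule


def buffers(req):
    """The inspection buffers Snort would offer for one client request (simplified)."""
    raw = "%s %s HTTP/1.1\r\nHost: %s\r\n\r\n%s" % (req["method"], req["uri"], req["host"], req["body"])
    return {"uri": req["uri"], "body": req["body"], "raw": raw}


def rule_fires(rule, req):
    if rule["proto"] != "tcp" or (rule["dst"] != "any" and rule["dst"] != req["dst_ip"]):
        return False
    if "from_client" in rule["flow"] and not req["from_client"]:
        return False
    bufs = buffers(req)
    for m in rule["matches"]:
        hay, pat = bufs[m["buf"]], m["pat"]
        if m["nocase"]:
            hay, pat = hay.lower(), pat.lower()
        if pat not in hay:
            return False
    return True


def alerts(req, rules=None):
    """Return the sids of all rules that fire on a single client->server request."""
    parsed = [parse_rule(r) for r in (rules if rules is not None else PAGE_RULES)]
    return [r["sid"] for r in parsed if rule_fires(r, req)]


def request(method, host, dst_ip, uri, body=""):
    """Constructed client->server HTTP request, established flow assumed."""
    return {"method": method, "host": host, "dst_ip": dst_ip, "uri": uri,
            "body": body, "from_client": True}


if __name__ == "__main__":
    leak_in_url = request("GET", "example.invalid", "198.51.100.10", "/up.php?tel=" + MY_NUMBER)
    leak_in_body = request("POST", "example.invalid", "198.51.100.10", "/up.php", "tel=" + MY_NUMBER)
    to_cnc = request("GET", CNC_IP, CNC_IP, "/index.php?n=" + WIFE_NUMBER)
    print("number in URL:        ", alerts(leak_in_url))                          # [9000001]
    print("number in POST body:  ", alerts(leak_in_body))                         # []  uricontent misses it
    print("with body rule added: ", alerts(leak_in_body, PAGE_RULES + [BODY_RULE]))  # [9000004]
    print("request to C&C:       ", alerts(to_cnc))                               # [9000002, 9000003]
```

The second case is the one worth remembering: a number carried in a POST body passes the page's uricontent rules untouched, while the http_client_body variant catches it. The evaluator ignores ports, the established check and HTTP normalisation, which real Snort performs before these buffers are compared.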