DDoS & Security Reports: The Arbor Networks IT Security Blog (http://www.arbornetworks.com/asert)

Snort rules for Etumbot
By Arbor Networks (http://www.arbornetworks.com/asert/author/arbor-networks), 06/10/2014 (http://www.arbornetworks.com/asert/2014/06/snortrules-for-etumbot/)

Since publication of the Etumbot blog post (http://www.arbornetworks.com/asert/2014/06/illuminating-the-etumbot-apt-backdoor/) on Friday, June 6th, we’ve received numerous requests to publish Snort rules for the network indicators described therein. You can find Snort rules for the Etumbot C&C communications on Arbor’s GitHub at https://github.com/arbor/snort/blob/master/etumbot.rules. While we are not Snort syntax experts, we have performed basic testing for the Etumbot communications we’ve been able to observe over the wire. Specifically, the first three Snort rules, for Etumbot RC4 Key Request, Etumbot Registration Request, and EtumBot Ping, all triggered successfully when the corresponding network traffic was observed. Remember to change the SIDs as appropriate for your environment. We also anticipate these rules will be incorporated into the EmergingThreats Open feed in the very near term.
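Because the post asks readers to change the SIDs to fit their environment, here is an added helper (not Arbor's code) that renumbers every `sid` in a Snort rule file into the local range, skipping SIDs already taken by other local rules. The three rule bodies embedded below are constructed placeholders standing in for the published RC4 Key Request, Registration Request and Ping rules, not the real signatures from etumbot.rules.

```python
import re

# sid lives in the rule's option list as "sid:NNN;".
# Caveat: a literal "sid:" inside a msg string would also match; keep msgs clean.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed stand-ins for the three rules the post names. These are NOT
# Arbor's published etumbot.rules; the content matches are placeholders.
SAMPLE_RULES = """\
# constructed sample, not the real Etumbot signatures
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Etumbot RC4 Key Request"; flow:to_server,established; content:"PLACEHOLDER-1"; sid:2000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Etumbot Registration Request"; flow:to_server,established; content:"PLACEHOLDER-2"; sid:2000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"EtumBot Ping"; flow:to_server,established; content:"PLACEHOLDER-3"; sid:2000003; rev:1;)
"""

def renumber_sids(rules_text, start_sid=1000000, reserved=()):
    """Rewrite every sid to a fresh value from start_sid upward (1000000 and
    above is the conventional local-rule range), skipping SIDs listed in
    `reserved` because other local rules already use them. Comments and
    blank lines pass through. Returns (new_text, {old_sid: new_sid})."""
    reserved = set(reserved)
    next_sid = start_sid
    mapping = {}
    out = []
    for line in rules_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            out.append(line)
            continue
        m = SID_RE.search(line)
        if m is None:
            raise ValueError("rule has no sid option: " + line)
        old = int(m.group(1))
        if old in mapping:
            raise ValueError("duplicate sid %d in input" % old)
        while next_sid in reserved:
            next_sid += 1
        mapping[old] = next_sid
        out.append(SID_RE.sub("sid:%d;" % next_sid, line, count=1))
        next_sid += 1
    return "\n".join(out) + "\n", mapping

if __name__ == "__main__":
    text, mapping = renumber_sids(SAMPLE_RULES, reserved={1000001})
    for old, new in mapping.items():
        print("sid %d -> %d" % (old, new))
    print(text)
```

Keep the returned mapping alongside the rewritten file so alerts can be traced back to the upstream SID when the feed is updated.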
