Oct12:
- f0b2b5e48230a5ad021890477dba75fd4c781121025bb3bf1a95cb5e948777f0
- HOST1:names34.top
- HOST2:dircon88.bit
- DNS1:5.132.191.104
- DNS2:ns1.vic.au.dns.opennic.glue
- DNS3:ns2.vic.au.dns.opennic.glue
- C:\isync\\Release\Code.pdb

Nov24:
- 9b6746d5e2bb47d71b7dd1fb6e2617e295168d55dc481c59023c3070f4670171
- HOST1:109.234.39.139
- HOST2:109.234.39.139
- DNS1:5.132.191.104
- DNS2:ns1.vic.au.dns.opennic.glue
- DNS3:ns2.vic.au.dns.opennic.glue
- C:\uni\Release\purchasing.pdb
snort/suricata sig:

    alert tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"TROJAN Unknown XPMI Initial Checkin"; flow:established,to_server; dsize:<5; content:"|43 00 3a 00|"; depth:4; reference:md5,3a92d94b1ff723f07c3c1e15576734f2; reference:md5,2bdc299b198127fe4a689c299ee7ecfa; classtype:trojan-activity; sid:20166270; rev:1; metadata:created_at 2018_11_24;)
yara rule:

    rule unknown_xpmi
    {
        meta:
            author = "James_inthe_box"
            date = "2018/11"
            maltype = "Unknown_XPMI"
        strings:
            // plaintext config labels seen in the samples listed above
            $string1 = "HOST1:"
            $string2 = "HOST2:"
            $string3 = "DNS1:"
            $string4 = "DNS2:"
            $string5 = "DNS3:"
        condition:
            3 of ($string*)
    }