
Predator the Thief C2 traffic #6

Open
recvfrom opened this issue Apr 7, 2021 · 0 comments
Labels
Beginner This project is good for beginners Snort Signifies a Snort Rule Project

Comments

recvfrom (Owner) commented Apr 7, 2021

Overview
Write Snort rules for the command and control (C2) traffic used by Predator the Thief (commodity infostealer malware)

Proposal
Write Snort rules (likely two) for Predator the Thief C2 traffic. For more info, see:

Expected Difficulty
Beginner/Easy - The C2 protocol is very basic, and write-ups exist that detail the purpose of the protocol data, etc.

Technical Info

predator-4c18b806dd10733f6e4d1376e769d94b.pcap.zip (password: infected)

@recvfrom recvfrom added Snort Signifies a Snort Rule Project Beginner This project is good for beginners labels Apr 7, 2021
@recvfrom recvfrom changed the title Snort rules for Predator the Thief C2 traffic Predator the Thief C2 traffic Apr 7, 2021