PonyStealer Exfil Attempts #7

Open
recvfrom opened this issue Apr 7, 2021 · 0 comments
Labels
Beginner This project is good for beginners Snort Signifies a Snort Rule Project

Comments

@recvfrom (Owner)

recvfrom commented Apr 7, 2021

Overview
Write Snort rules for traffic related to PonyStealer (commodity infostealer malware) exfiltrating collected data.

Proposal
Write Snort rules for PonyStealer exfil traffic. For more info, see:

Expected Difficulty

  • Beginner/Easy - The C2 protocol is very basic, write-ups exist that detail the purpose of the protocol data, etc.

Technical Info
ponystealer-pcap.zip (password: infected)

@recvfrom recvfrom added Snort Signifies a Snort Rule Project Beginner This project is good for beginners labels Apr 7, 2021