
TVRat / TeamSpy C2 Traffic #8

Open

recvfrom opened this issue Apr 8, 2021 · 0 comments

Labels: Beginner (This project is good for beginners), Snort (Signifies a Snort Rule Project)

Comments

recvfrom (Owner) commented Apr 8, 2021

Overview
Write Snort rules for the command and control (C2) traffic used by TVRat (a remote access trojan leveraging the legitimate TeamViewer application)

Proposal
Write Snort rules (likely two) for Predator the Thief C2 traffic. For more info, see:

Expected Difficulty
Beginner/Easy - The C2 protocol is very basic; write-ups exist that detail the purpose of the protocol data, etc.

Technical Info
https://app.any.run/tasks/686989ed-f442-4463-afe5-2b547bf17485/
https://app.any.run/tasks/859c1d99-72d7-4d5e-a9fb-5ad157fa73b4/
tvrat-pcaps.zip (password: infected)

recvfrom added the Snort (Signifies a Snort Rule Project) and Beginner (This project is good for beginners) labels Apr 8, 2021