Tools:

• Razorback
• PE-Sig

Web Tools:

• SO Rule Generator

Mind Games:

• AWBO Exercises

Papers:

• Index

See also:

• VRT Blog
• Snort.org

Contact:

• Sourcefire VRT
  research @ sourcefire . com
• Other Methods and PGP Key

The following is a list of md5sums of malware samples which have displayed the behavior detected by SID 16827:

016f8aaa8d62307a0d49024a65b1bc2f
022b5b2ea546c625c46e1e4be3476c53
05aaa5f9457094f4a69bc411aedf9d87
05b42e80e35c38a9b3b49c9a7d046db3
067faa30a6282fd9190fa9c32aa84216
075685692e6b4bfd05895036ce42df6e
08397658e718d966fa4bc28cc47e068a
0c7e56121d14529584ef5b7742922e25
0dda66905e61270fb9319dd88b4fe79e
14c7e898383a540f8a9c44c113ac84ca
15afd7ea703471434b36a1817ffda581
193b33bc2061fe786befa8f2eb0d71c7
1dba2bc76539d6982edc75bb3e40d03a
1ecd79bd3901fa88fa8531a49b405fb1
1f951471b1eeab07a4685440ad4f1e19
21c6b38abb279ecbeffb8ffe7d51a098
252e45d57bb85e879d2158215d766fcd
275254d92f4a50288766595e95dd0864
282b8da5548ff7eb48972943940689c8
2e8d18c3ef2b4901c27e078202c7e045
2f87e02c0b9fec888f577c28b4c59ba8
300650169915e5cd281dd3469f9780c8
30e272889e97a9816899624783a3102c
364acf8bb20d06be4fd58f13b511a071
37995ff03d5fb60f0f634dc12c110fe3
3ccb169fe553b00588657806d19fea19
3e4c96c5a68f7ec38eef7316104c75a1
445dc13f23a21851d3488249549076b1
458ff65663ff3fa75f537eae405affd7
45e664cf0e73ac77ffcc00b00af3d0db
491cb6cf0ece5798ce7e9d40db56a991
4d1ad56a57d819bf19e5043b2b189f54
4daa44946cacf59426f03db55d78f47b
4e8f4da9ac618014782ea6bca51319c4
4f45b039a4a5d5c2872e3faeb33a2b98
565d085a6501219dd01653236ff35065
5711b6562f4f36a0710ed633edf3af3d
574bfcd4cca6f38941e27d7c52dea54d
616fd3aca02482cb0346b8b4b3a5388e
697113bab3d9fee9008651af84c4dc6c
6db6fa45995fbc3442dc4fc58b32a024
6e7a1027eb2ef245fde191ade01b0f65
74c7071bceecca73c0a2877a2fcbfa3e
79ee20a0b9acbd7f0664e90ecf9e19ea
7e252a93c054504716974bd58f3afff6
7f55794f9be07c178b3317a334e82b9a
85268576c1e8b7dcaa3231eb574bc82e
857d2f667495b2d68bce2dfd9b7d78db
8a59cfd01248acbe1b6c6f190045ffc2
8b4647159594fe5fa37e5e5efd56a279
8cb3a19401f076e50d7e8a0768d5cfbe
8d9e29978cceefa08516933f0ece3b25
8dd50bc733bd9efa08ea59e833af9f30
92911f90088d7cd59bfe6cf599720e14
947ec67bd00bbf830d5ee81fb12ec3a8
96c6cce81557c3eaec9ca9fc2c5b2589
9bdb12a95d05f4f31a97bfe80e4aa66c
9c3685c9d6e57b3d7c13fbe13187010a
9c8fd443ab93a6cb1d97e2914b639a38
9f5a714fac6222fb4abe6c908623d157
9fdd81acd2846fbd016b418aea445b52
a17c096eea41931bbdc82e287f154ad2
a3947162860480e58d5beb4383737d69
a7e4d1e346217635f31f7f33b0c2bb16
af8dc20c45f435a55622acd78a4feb46
b0f46cfa24244739dab28c3d5fd722a0
b4f7573798095c16c1399c26b8817d3c
ba4eb1e0c36ad0ef85b71d5ab53663c1
bcf0a8fe6b5aa25f5ccb0796addfa30f
be4ab2c0ca01058339d8f7908a0157dc
c1237305b10bcf78e9037222d10a9a7e
c12b8030b4a39eb1e6f59fd38ae38a5a
c1f26715371e605d744dec5b3dcb93e5
c5a9aff8ddf560f879fd096ca3b34fb5
c5fd2d51a9abf3af7ffe96ccbe303ada
c7a0e3039bfd1321df8de5b4f9436983
d11fcd031538a9bb2f84f70c68211170
d19ff8cf8de549f483251efde1fe4321
d254d17d90a54c16f45b8ecdb7781c13
d2a83a0c54cfff4cf674f436920bcc1a
daba09677ab7eb231b011d14bf59b814
dc29bb0ae04df8c990c117ab632d1707
dff92e46430d8b2f670dd80b89512f3a
e01a876208df241887072c8fc1b713ef
e6b06d61ebc0574ad5f9b46855244a2e
ea4b0f2566c8398585e71bc498983e44
eb4aed19789fdf37e16d2066890f5e06
ed26649568100ee02613db7a2cc5a265
ef0ef9aa7fadf3fd212bfda3afd28a6b
f0e367939fdcfe8229a67e84cf1d3058
f4bfac8f4857c024b9c993dba6469d2b
f75ae3775debaa7931a7756ac1648258
f7bb3b2eb1293dc05b8f4ef2257cf8a5
ff76322863444749e4b7666f184eaa71

('')

About the Sourcefire Vulnerability Research Team

The Sourcefire Vulnerability Research Team (VRT) is a group of leading edge intrusion detection and prevention experts working to discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security industry.

All materials contained on this site © Sourcefire VRT