Tools:

• Razorback
• PE-Sig

Web Tools:

• SO Rule Generator

Mind Games:

• AWBO Exercises

Papers:

• Index

See also:

• VRT Blog
• Snort.org

Contact:

• Sourcefire VRT
  research @ sourcefire . com
• Other Methods and PGP Key

The following is a list of md5sums of malware samples which have displayed the behavior detected by SID 16831:

0137f1c3a041f0f2d5f2aa4c9bb567f0
04bfb7ab9c9cadbc5e8b2f4149112798
08810b2783ac6719a7908063f1a189ea
096ec48b742f42209b1e57c60d1a9c23
0b1e93de0af5637e58930f8b95b4a2f0
0c91d4c37aef137f97ef4d91d49f4c5c
0fd58e54212adc112fe43f40bdcf0af3
10b7868551859d21acb4fb3905d9f34b
14d261de5d8e92b3afdf1370c287f89a
14fa4ea0a3256319e93a21c4942323f7
1965f44ab6bdeb76578b332357c560ca
1ae2dbc3995e45914a2b1bce7e1949b7
1e7dd8366d0bf1334bdc2959da28eea8
1ffc5c72f67c8c635c85ac9af534980f
22ec7ba2ebf6d12267c422875f8ea8fb
2a49492419722e526ed4de8d50bee966
2f7d9b5f636bb0b7b300ad9eee9e6ad5
31e70cb8accc3911e8243b6aa5bd595c
357793396e786efe733c161ac08ad811
35a36f19f5ee6c23ff2ecf191ed94c38
36945d7d6f6b10190ffbffbf007c698c
3a1772e3f3aa843e34a3642ae5dd1679
3a3ff408f9b88c0ecc0ffd0c03d8653a
3b8625a0cc88c8cfe6ce812888e7ae24
3c763ad0a16fee10370559d5eb10e7f5
3e7ee20c9ffc0319746907a9c385a213
3f2f17ca2327b48b2fc45df7ef269acb
3f913c1c7c37facdc8354189970e5b32
422eb28982c6708471ce1ae952e87421
49a54753c7fab3fe35d8537c9df0b732
517cfbd2fa90cb0abd008b18da099f29
53777bd68fb5d29582a6184cf9ba328f
5429b8ca3e669129f684ee5cf71480e9
546bdf0c2cb1771d2c3ddde9430d16b7
59426aaa2ab14d13df90ca0ba9069eed
61803ad327fdaac95baf40d3f6faa16b
623273bc6e965c2eae990ae025694890
708656477328adbf0599057129b05d4b
727ff8680432ca2a9544a18be4e06b81
72999b7d3762433aa7b7d355ca711ccf
74507f0af3bef3cfc0929d92457588e5
745b83edaa749521e1bb6da3c82443b2
781f8d108e82e73cfdb37a3b17553c6e
837b5a50eb1b8009f1da7fdc1ebce225
856fc523e91d1e975755ca1b527077bd
85ddb68508b5da20c098d89be2e433a9
87baaa9048a996c8d2a234df682ed887
890b1fc834bed51c9ab10457a1c73e8e
899d6c6faa774e82d3aee0dc4f93fb22
8b67817c595eca8224f48d9c965ead59
8e8a5caff6b95467ea3baf4d7f6a3ee7
8f2f5b3ede86e144aadb00023f197156
9797808558f7b6c3bdeea2815c4ad0ed
9846945ed89fa5db18155d59b076fce4
9c5eefd1427e46ff7064349ed08032e6
9f08edef1c1d31bd9c3064c3d01d8582
9fa4f6ae6c952a02bcec46eb88e6d7a2
a6679fde0bffb03e1cd331534232fe3e
a753abba18921897223917642c9d2168
aac6184fe10cf2141f9ecdfdaa5010a5
abda65ff67d507154ba5194466d84c9b
b03213c20338827d552e20dba0a3faf7
b234ebacdf5ef56ddfb3713a191b3c7c
b2f0a5a3b2857bdefb6e51cd4034543c
b432a4da6da0fc9aebd7ef4f09d0745c
b9a09c7386b0db41d6a95a5043a1b2c0
bb5a3b62c6201e6ef7348a7e56e8ab1a
bbd5c8fafff3ddb9ff5096c8a50cf051
bd69497dbac5d74f47be172798fb5655
be781ca6218b5f4f16b7a8229dccb6b1
bf0e642416038cb7f2a5bfaa52393296
c1bc56b2a455eb79f3b17af1fe45296a
c46220592932c1a94f8585d411002e48
c81f081417e704f5a3e9ea7adcfde1d5
c89e41edf697fd9d040b1ec7fcffd252
c99f9013ba91bd93ebc0dcae4360257d
cbebed6d311763bdfe35a5f65c2b5f07
cc0a24ad88ff06b2523fb344a7ad7125
ccc22785af798febc4610bbc3f8640f2
cfa7dd7d62f7915f245c27ee3b2eed9b
d3050115334a5a4fc23c1d8c676e63a7
d46cdf9b7fa9ebdc49f8365260a45f23
d73c1b1e0e6e2a74d5bbfeff7d917d52
dc365505082ace8309f2774501e82dec
dc89554d7b3a611f2b8601862e425a22
ddd6deb4545110153d8e8c689feee341
deb20fa3159bc8b8e20c1671d36a431d
e0247b37c5457c83f95c1829a3cdddc2
e26f8a2ac02a1a0a8c45bc1af785478d
e44a3ebb6e98091ffdd33a1cb68c2dbb
e72c33dc4bbb45727e41f2e86e9280cb
e83e705aa89341c0c15141ba20b8016b
f0240085904f113a81b6552072547ff6
f18539af260ef688059f02f108911c78
f610740cef6f1c5bceed66245a03eadf
f6bc2a86505c7343ad4f114351eb894f
f6e5e27d20590784cdfabafbe8ef23a2
f751c42b516a0d74ae22da77e20f2803

('')

About the Sourcefire Vulnerability Research Team

The Sourcefire Vulnerability Research Team (VRT) is a group of leading edge intrusion detection and prevention experts working to discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security industry.

All materials contained on this site © Sourcefire VRT