Tools:

• Razorback
• PE-Sig

Web Tools:

• SO Rule Generator

Mind Games:

• AWBO Exercises

Papers:

• Index

See also:

• VRT Blog
• Snort.org

Contact:

• Sourcefire VRT
  research @ sourcefire . com
• Other Methods and PGP Key

The following is a list of md5sums of malware samples which have displayed the behavior detected by SID 16854:

011764d8a90f6bf972b2070da992b447
019cbc7f7e0127f0a15a39a52dbd7c60
0612a04a08445961d0c66a33fa980805
14f8c0ec481309ea286a4b0c2fb2f319
17f8f67410b519affe8e221e263a746a
1aa5b352709c77be4d0fe46a504958ae
1bac7dc23a83360aefc512800495774f
1bf731a6aad5bf38a8e1373f1598eba0
1d811e63e3be5cbfd90da2b98f187453
1e9df1fe6b5d48f78c00803c02ae83df
204881ea09e07ff23bdc2a3467d56e57
23419ac15b0cdb3ffcf15f113f813a23
25501689ad4d4222e958c350593d6788
2aabc0ebef8a91d701ab4d7a1ea54170
2b6d4cb97f2351b9d258c112bb89ac44
2b8bf4c8fe88a9d59868f559ef93b5df
3066c78b4283cec1faf609a1386c6f9e
34db25585e663dbf5d4efc83b137e428
3c471124c0ecd5a4aa918699738c0c24
46451dea65e4721de20d7d3d5f21f6b4
4734c5b1f195c1f0e52afd78faa8efb3
480ae6f6419778bedb835e83d71d4614
4a419177cc81d1a1806e3c2b7bacdea2
4ab1ad6a3c6d151d21d79817063c0757
522406b214127a019f3427f2902d537e
549f8ec28ed9e9675b856fd9097582db
564c8c2e1d4ab9a99b4684e25dcfe398
5b2b67e3d5d4617822ac041e0c8927a0
5bbbf291be274b5db5c71d1329790dc1
5c0bc6c0ad18c9a822df5e993dae0a7c
62b7bf794725b3ee3deacf8de575b6d4
699ffb41f310bfee9850137239112bea
6f6cedaeed3d9623de14fbdb84e6dc6a
705c0e5296bb6f1f9eaf64aac8bcd734
7329ebfef351c4789c2a1812b7dba53d
76c3d212434d81887c915d420249bc80
80352819a938de87615c3c824f49a0b9
8115364092397da945e564cd96b101ea
843520a58573e7ba9a119234608f21f9
88062e70031b8e69c52416061ea75002
8df0c5ea904f6ce07feb9e98e0744ad6
8f6d9b7d78d26fb4a6377fcc4ac12ebe
92759bce70bfb6b800bd3039ca5c0ce9
931480042ce7343e88ec8082d551dfe1
992866819c75956a77c64c4563f81724
9994c1aee9ef56280d8d795e81b64bce
9bf479b1d872ffaa3d013400349ed257
9da83d3b98448cab6a6587c6f520c994
9edf9bcc58578308fb6ebf09231f7c51
a05c390940466c5736eaa9f055c78a72
a1c665c1c904de8c6324eb5114b73d54
a23546aa119548725bd25956b9b30eff
a4bf0d307db546c867b66a5ee3505849
a5b9d99cc91a1405c8c85df201f3210a
a9bea2eac97561d7011801df25d7619d
aec7cb934e13ffcc30afe454272106f6
b098994e29dbc7f38607900fba0c0b1e
b0d1c01fea44689a827b4eb630a25832
b40b1cbb5713a6e1fc1b7db8f50ae055
b676bb19a07a6325efbe2e550ed7cb6e
c249ffbffd3d4b0a98ef4429a45bbfe8
c461719aa58dbba15a1434ac86cafd47
c6bfe85ef253117f78d6420a707d5716
c829c9734c6aa3a9a6bd331887d3ba64
cad4b70a28d46eea29f2e36d493c0352
ccd0582e6dc30a6a55c439cbae26c6e1
cdce6d54754f672d1a08f342d88477d7
d1037a04d5321b2273c8701898c28da5
d79cfe4ead1dd3faf6cf4b6f27e37fe9
dc6e330e6a29d6733b0a924513f29463
e65a02a2ced0e6ca9323525b25896659
ee59ad1bdd1e78d704338b4ea1bd08d1
ee89fd2e346950ab5ccc148ef4478b3e
ef843088e5a7630b386f0d64d51013e6
f325cebb2862e09e5f2947997e361500
f36ba7d48f4402a859d282ed0d5ebd6e
f5f7dee832ef007ca22c78b84c6e02df
f678587de4bea28aff9298dde74d17b9
fa32fa49867af9527dff5a5356b4f92d
ff89406638d3c5703a345884ff47ff16

('')

About the Sourcefire Vulnerability Research Team

The Sourcefire Vulnerability Research Team (VRT) is a group of leading edge intrusion detection and prevention experts working to discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security industry.

All materials contained on this site © Sourcefire VRT