Tools:

• Razorback
• PE-Sig

Web Tools:

• SO Rule Generator

Mind Games:

• AWBO Exercises

Papers:

• Index

See also:

• VRT Blog
• Snort.org

Contact:

• Sourcefire VRT
  research @ sourcefire . com
• Other Methods and PGP Key

The following is a list of md5sums of malware samples which have displayed the behavior detected by SID 16855:

01143795633f82b7a70fe7ecacae2f5e
02839e49bb76f04876cee1e402648f47
07a4e26f51953533de843beab3bf1ddd
07ca6c102fec9d8eeed602ef1cecda10
135c1bef9c846d5bcec972e798124021
18ca316bbb88d0a0a5e41fe6a14f68eb
1ac3e542500355631e17ab9d7c83eb90
1b5cf530f4b4a932a7b0ba670bb03590
2397d6fb259d1a9ab1766591a24e62b2
251f8a20255ebd73285ec4ba9d2a9605
295e6efc53e517c7a5eb39831db5272d
2a40bbee5555177304af9c8f6e7fe06d
2b54b612e7fdb75c46d727e64f01eb62
32169c2af53ed4a3254dd248442763b7
3b66d14be5260b8cc3a0275eb62afdd5
3c202a69436179916f4f6fb59ab6625d
3fdaeb31dda80f3e643ebbef1a1789d3
407223311612231285c5eed00a930851
4433ef8d9db7ba60714c0725ee8d48d2
5271ddf5c9d1ab188a83ad9ecb7644cd
52c73957d8a885f2098cd6a0fc64146b
595536a650875d8d9062068428a7e505
5e73ba14166c6193fb01926f3fc6b81f
64401cbb6c5a920e55c88da6f8bc0361
6616af341b2159056142d30f7903f628
703e4ff51d6933a7fe3bbc0de6009f27
72c19125b8e3ac46035eb5c1886425e4
73dfe1846ff1a3fdb9dbaaaed6301e9e
75cda982ab170cd8aa2aec53db7b1f7c
764a1903b235fa503f14871cc17913ad
7aaf871d1b2043e2db67774e0e1f528d
8a4b0294cbfe6a981c571886419e44e7
a01dfc23f1c951ff21ea74a71f37f052
a0c20e6458deb6b25039d6e976fcf8e9
a680de084e79111798bc728ae774278d
aa91a1ece0082cbf8342898406dd9316
ac73bf542e129693b6b46a71e4dba825
ad7fdb8d170cd1a886759339ede9dde8
adb25086b325a30674b3e39bfa315568
b19342766c5cdb193c27cc44255a2473
b1d0463391d05a4476e9d08cc5c98ebd
b1f5576ae0cbab34aeec4cfe87a8d21e
b767f61eddcef2e954951802b46286bf
bdf1de905ff0f98efbdaacd1a0ea24d7
bed7f4950789cf0ae7039bffaa39749f
bf191d4cb55200cb3a3f6cab1c63a76a
c8718137182ff62b5de9b30cda6cb062
c98ff3034fc7dd7e16678b04f12fe819
cd05091e54bcca29ecfa790bafc3e56c
d178399aab356b3d3003cdb305cc37b2
d1faca566b4a1bba07f82cdbdbf71b90
d45f904bccc604034a5279f3170a05e6
d806fce628e8b425a55fcb0c653133c0
db16c7eba489d46673767022ed1fd894
db7867791a408f0d0c63c1b329b5778b
dce44a9685fff56813db632cb976d2d7
dd5261f4be9bb5c6bd647f928f7cdac3
de49c05dba719c33115d187ef8748de8
de5436cfce36a6f1fe8cdba49e55a149
e31cfbb1bf59db3b8bc9e9e629467ca5
e96adf201b8282aef41a68a9aea093e3
eda4436219b6a3517be3e08045c00a72
f4bc853b93487d7b76ac9c611eacf45e
f510f3abf94b1072e99e14eb7df6e2ca
f64169ce3f67c510356790939c2f2e14
f6a7a509393fa38d5e6068b2a18ef32e
f6a9cd63ef108acbbf08ac3b546c2051
f6eff3649072aaf1f4bfe2c09a625e2b
f71b7d842762ce6139de6a29c6e9028a
f7a99124beeeb437cd0c3b128d069ea7
fc7ee39c0cb06aadd62263a477b4afae

('')

About the Sourcefire Vulnerability Research Team

The Sourcefire Vulnerability Research Team (VRT) is a group of leading edge intrusion detection and prevention experts working to discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security industry.

All materials contained on this site © Sourcefire VRT