Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2594
Views
0
Helpful
2
Replies

MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client

faisal.mohammed-ext
Level 1
Level 1

‎03-06-2017 10:04 AM - edited ‎02-20-2020 09:03 PM

Hello,

I am getting 'MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client" alerts from Source port 10003 to high numbered destination ports in my network. Most of the source IP belongs a Linux server in my network.

Where can I find the snort rule for "MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client"?

Thanks,

Faisal

Labels:
0 Helpful
2 Replies 2

Farhan Mohamed
Cisco Employee
Cisco Employee

‎05-19-2017 01:04 PM

I checked some rule under the link, which i pasted below, Can you please check and see if it is useful:-

https://www.snort.org/advisories/vrt-rules-2014-08-21

0 Helpful

David Janulik
Cisco Employee
Cisco Employee

‎05-22-2017 02:25 AM

Hello,

since AMP is file based, you might need to check the retrospection event in Console. If you provide me SHA 256 of the file, we can look it up in cloud details for you.

David

Cyber security escalation engineer
0 Helpful
Customers Also Viewed These Support Documents