[Community-sigs] Js.Trojan.Agent
Xabier Ugarte-Pedrero
xpedrero at sourcefire.com
Mon Jul 18 12:51:20 EDT 2016
Hello Arnaud,
Thank you very much for your submission. For robustness, I have added
another term to the signature, and converted it to ldb format in order
to account for a different ordering of the terms, according to what I
have seen in https://blog.sucuri.net/2015/11/jquery-min-php-malware-affects-thousands-of-websites.html.
Could you try this new signature over your dataset in order to make
sure it matches all the files?
Js.Trojan.Agent;Target:3;(0&1&2);3c736372697074747970653d22746578742f6a617661736372697074227372633d;6a71756572792e6d696e2e706870;73657474696d656f7574283130293b
Thank you very much,
Xabier
-- Xabier
On Thu, Jul 14, 2016 at 3:26 AM, Arnaud Jacques / SecuriteInfo.com
<webmaster at securiteinfo.com> wrote:
> Hello,
>
>
>>
> Js.Trojan.Agent:3:*:3c736372697074747970653d22746578742f6a617661736372
> 697074
>> 227372633d{-150}6a71756572792e6d696e2e706870
>
> Any news for this signature ? Did it passed the FP tests ?
>
> --
> Best regards,
>
> Arnaud Jacques
> SecuriteInfo.com
>
> Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
> Twitter : @SecuriteInfoCom
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
More information about the Community-sigs
mailing list