[Community-sigs] signatures

Christopher Marczewski cmarczewski at sourcefire.com
Wed Feb 1 16:57:50 EST 2017 

Hello Michael,

Apologies for the delay. All three signatures have been submitted for FP
testing, prior to publication.

I did modify the names & target types, mostly for scope reduction:

Js.Downloader.Span:7:*:2e73706c697428726f78282929*2e6f70656e2822676574222c746f6728
Html.Downloader.Spam:3:*:2e6f70656e2822676574222c22687474703a2f2f222b785b695d2b672b
Js.Downloader.Spam:7:*:2e6a6f696e28*3d22687474703a2f*6c322e786d6c6874747022*2e6f70656e2822676574222c*2e73656e6428293b6966*6e7365746578742e73706c697428

On Thu, Jan 26, 2017 at 3:42 PM, Michael Cichosz <michael.cichosz at gmx.de>
wrote:

> Hello Christopher,
> i have both files uploaded to the link you provide me ;)
> before i put all files in one zip, watch out for this one:
> f9f29f930269781a8fbe7d50e13de2c9  r.zip
>
> Thanks
>
> Regards,
>
> Michael Cichosz (mcichosz _at_ clamav.net)       ClamAV, a GPL anti-virus
> toolkit
> Phone: +49 5371/170 222 4  PGP key id 04B57A3D
>
>
> > Gesendet: Donnerstag, 26. Januar 2017 um 16:32 Uhr
> > Von: "Christopher Marczewski" <cmarczewski at sourcefire.com>
> > An: "ClamAV Community Signatures Submission List" <
> community-sigs at lists.clamav.net>
> > Betreff: Re: [Community-sigs] signatures
> >
> > Hello Michael,
> >
> > Thank you for the signature submissions. Any chance you can upload
> > c9ef36cd01de1da145c287a77145065b & 7e1046171c2d480999d9ba404b60a598?
> They
> > are not present on VirusTotal, nor in any of our repositories.
> >
> > Samples can be uploaded at the link below:
> >
> > http://www.clamav.net/reports/malware
> >
> > On Thu, Jan 26, 2017 at 5:13 AM, Michael Cichosz <michael.cichosz at gmx.de
> >
> > wrote:
> >
> > > Hi, new signatures for your collection:
> > >
> > > files:
> > > c9ef36cd01de1da145c287a77145065b  Delivery-Receipt-04397717.doc.wsf
> > > 4efeb185fd81458d1d15e39638888104  Item-Delivery-Details-3136255.
> doc.wsf
> > > 7e1046171c2d480999d9ba404b60a598  Undelivered-Parcel-ID-7497849.
> doc.wsf
> > >
> > > signatures:
> > > JS.Trojan.Downloader:0:*:2e73706c697428726f78282929*
> > > 2e6f70656e2822676574222c746f6728
> > > JS.Trojan.Downloader:0:*:2e6f70656e2822676574222c226874
> > > 74703a2f2f222b785b695d2b672b
> > > JS.Trojan.Downloader:0:*:2e6a6f696e28*3d22687474703a2f*
> > > 6c322e786d6c6874747022*2e6f70656e2822676574222c*2e73656e6428293b6966*
> > > 6e7365746578742e73706c697428
> > >
> > > Regards
> > >
> > > Michael Cichosz (mcichosz _at_ clamav.net)       ClamAV, a GPL
> anti-virus
> > > toolkit
> > > Phone: +49 151/1124 6897  PGP key id 04B57A3D
> > > _______________________________________________
> > > Community-sigs mailing list
> > > Community-sigs at lists.clamav.net
> > > http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
> > >
> > > http://www.clamav.net/contact.html#ml
> > >
> >
> >
> >
> > --
> > Christopher Marczewski
> > Research Engineer
> > Talos Group
> > cmarczewski at sourcefire.com
> > Phone: 443.430.7118
> > _______________________________________________
> > Community-sigs mailing list
> > Community-sigs at lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
> >
> > http://www.clamav.net/contact.html#ml
> >
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
>



-- 
Christopher Marczewski
Research Engineer
Talos Group
cmarczewski at sourcefire.com
Phone: 443.430.7118

More information about the Community-sigs mailing list