Add detection rule for hp-socket linking #848
Signed-off-by: Still Hsu <[email protected]>
nice!
thanks, once we have a test sample, this is good to go
Signed-off-by: Still Hsu <[email protected]>
Awesome!
Co-authored-by: Yacine <[email protected]>
Thanks!
I wasn't able to find a sample that matches AND is quick to analyze for testing. Can we move this to the nursery for now?
Is that something you'd like me to do? Move the file to the nursery section?
Yes, please, if you can.
Signed-off-by: Still Hsu <[email protected]>
thank you!
Summary
hp-socket is an open-source Chinese-origin networking library and has been spotted in various proprietary RATs such as SprySocks