PonyStealer Exfil Attempts

[recvfrom]

Overview Write Snort rules for traffic related to PonyStealer (commodity infostealer malware) exfiltrating collecting data

Proposal Write Snort rules for PonyStealer exfil traffic. For more info, see:

• https://resources.infosecinstitute.com/a-case-study-of-information-stealers-part-ii/

Expected Difficulty

• Beginner/Easy - The C2 protocol is very basic, write-ups exist that detail the purpose of the protocol data, etc.

Technical Info ponystealer-pcap.zip (password: infected)