How to stop MortiAgent Malware using the snort rule ?

Software Version

9.0.5

Problem Description:  How to stop MortiAgent Malware using snort rule ?

I want to stop the MoriAgent malware by applying /using snort rule & also using yara rule?

How to configure this in Palo alto ?

Below are snort & Yara Rules:

1

Minemeld Syslog Miner Not parsing Messages

Hi, I am working with a new installation of Minemeld running on ubuntu 16.04. if I do a TCP dump I can see the Syslog but minemeld is not parsing them. I check the /var/log/Syslog and found this.

It seems that some modules are missing and that gives a

Tofsee TLS Fingerprint Detection

Hi all,

Since the moment we updated our threat database to 8204-5736 we see THOUSANDS of 'Tofsee TLS Fingerprint Detection' threat matches.

I assume they are false positives? Anyone else seeing the same?

It's skewing our monitoring stats significantly s

How to detect zip bomb file?

Hi,

I got following new malicious nature.

https://fossbytes.com/zipbomb-unzips-46mb-file-into-4-5-petabytes/

https://www.bamsoftware.com/hacks/zipbomb/

Can PA or Wildfire detect a zip bomb file?

DNS sinkhole v9.0.1

Have 2 HA VMs with 9.0.1

Following this article: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network/identify-infected-hosts.html

In section 3), how does this need to b

HIP Report information

Hi,

Is possible to extract the parameters showed after click the "magnifiying glass" button in Monitor --> HIP Match

Specially the parameters corresponding to “anti-malware” and “patch-management”.

Extracting the .csv log this parameters aren´t showe

Suspicious TLS Evasion Suggestion

In our environment, we use another product for web traffic decryption/inspection. Since that product acts as a proxy and all web traffic gets forwarded to those configured proxy IP addresses, this traffic is getting flagged by our firewalls as suspic

When will PAN signatures be available for CVE-2019-0708 ?

When will signatures be available for this?

PA-820 Threat License attack passed

Hello Guys,

This is my first post here and I am very sad.

I am big fan of PA and had a couple of implementations with customers but...

Sadly, last sunday, PA-820 appliances in HA were not enough to stop hackers/attack.

Customer of mine had some public

Turn around time for test a site submision

So As a network admin I was disappointed to see that Palo have marked this url as low risk : https://webrecorder.io/

If you do not block this site it allows your users to negate all of your well thought out url policies, yes they can just jump on a po

Whitelist Vendor IP range from Paloalto IPS

Hi All, I am looking for more effective way to whitelist a vendor on IPS without whitelisting at the FW as well.

I am looking for traffic from vendore ip range to be completely exempted from Vulnerability / antivirus / Anti-spyware without creating a

What is the meanings for URL and destination under the URL filtering?

the URL showed that URL is maper.info while Destination is iplogger.com