Snort mailing list archives
Re: MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188)
From: Elliot Anderson <new.http.451 () gmail com>
Date: Wed, 20 Jan 2016 10:30:26 +0200
Appreciate the additional details, Alex.

Elliot.

On 19 Jan 2016, at 23:41, Alex McDonnell <amcdonnell () sourcefire com> wrote:

> Hi Elliot,
>
> This is one of many rules that is used to help detect Bedep. We know it can be loud if you are a regular visitor to that site, which is why we have placed it in the "indicator-compromise" category, where rules that might not alert on malicious traffic but are usually present when other suspicious/malicious traffic is present. Enabling this rule can help find other unknown variants but does have the drawback of having to check more events. Like Joel suggested, please take a look at other sids if you do not want to deal with these events.
>
> Thanks
> Alex McDonnell
> TALOS

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
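Alex's point is that the rule is worth keeping enabled for its indicator value even though a regular visitor to the site makes it loud. A middle ground between living with every event and disabling the sid is to rate-limit or scope the alert in Snort's threshold configuration. The lines below are an added example of Snort 2.x event_filter and suppress syntax, not taken from this thread or from the Talos rule set; the subnet 192.0.2.0/24 is a placeholder for the hosts that legitimately visit the site in question (the thread does not name it), and the one-per-hour limit is an assumed tuning value.

```conf
# Keep sid 33188 enabled but emit at most one alert per source host per hour,
# so a regular visitor produces one event to review instead of a stream.
event_filter gen_id 1, sig_id 33188, type limit, track by_src, count 1, seconds 3600

# Alternatively, silence sid 33188 only for the known-benign client subnet
# (placeholder range); every other source still alerts normally.
suppress gen_id 1, sig_id 33188, track by_src, ip 192.0.2.0/24
```

Using a scoped suppress rather than disabling the sid keeps the indicator alive for the rest of the network, which preserves the "usually present alongside other suspicious traffic" value the indicator-compromise category is meant to provide.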
Current thread:
- MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188) Elliot Anderson (Jan 19)
- Re: MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188) rmkml (Jan 19)
- Re: MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188) Joel Esler (jesler) (Jan 19)
- Re: MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188) Elliot Anderson (Jan 19)
- Re: MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188) Alex McDonnell (Jan 19)
- Re: MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188) Elliot Anderson (Jan 20)