Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: False Positives on EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (1:34334:7)

From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Fri, 27 Oct 2017 03:24:39 +0000
The Fiesta exploit kit is largely dead.


--
Joel Esler | Talos: Manager | jesler () cisco com<mailto:jesler () cisco com>






On Oct 26, 2017, at 2:03 AM, Egon Grünter <e.gruenter () fz-juelich de<mailto:e.gruenter () fz-juelich de>> wrote:

Hi list members,

we have a lot of events on EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit
download (1:34334:7). It triggers for any pdf-file that matches the following
regex: [a.z]{5,8}[0-9]{2,3}.pdf

I don't want to disable this signature. Does anyone know about improvements?


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Previous By Date Next
Previous By Thread Next

Current thread: