Snort mailing list archives
Re: Win.Backdoor.Joanap
From: Alex McDonnell <amcdonnell () sourcefire com>
Date: Thu, 7 Jun 2018 08:03:01 -0400
Yaser, we looked at the User-Agent: DavClnt rule and found there was no distinction between the malicious traffic and traffic from word. Looking at blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/ it seems to be expected fallback behavior. We have decided not to publish this rule. thanks Alex McDonnell TALOS
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Win.Backdoor.Joanap Y M via Snort-sigs (Jun 04)
- Re: Win.Backdoor.Joanap Alex McDonnell (Jun 07)
- Re: Win.Backdoor.Joanap Y M via Snort-sigs (Jun 07)
- Re: Win.Backdoor.Joanap Alex McDonnell (Jun 07)