Snort mailing list archives

Re: Injected Eitest Script


From: el cabezon <elcabezzonn () gmail com>
Date: Tue, 4 Oct 2016 17:39:14 -0400

Yes, I do have a list of the sites in question.

For the first one, which was captured on 09/27/2016:

Compromised site:
www,germansuppliesinc[.]com   212.34.137,34


drops flash exploit:


erbakanvideolari[.]top 31.184.192,173

rew.yourownmusical[.]com 194.87.232,24


drops xor encoded payload:

rew.yourownmusical[.]com 194.87.232,24



For the second one, which was captured on 09/28/2016:

compromised website:

ventadeaires[.]com  87.98.231,4


drops flash exploit:

zdkn.tpb0134vv[.]top      185.117.73,70


xor encoded payload:

zdkn.tpb0134vv[.]top      185.117.73,70


I appreciate the recommendation for changing the Snort rule. I am still a novice
at creating rules.
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
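The indicators in the message above are defanged ("[.]" in domains, a comma before the last IP octet), which is safe to mail around but useless for matching against logs as written. The script below is an added example, not code from the post or from the Snort project: it refangs the indicator block copied from the message, tags each domain and IP with the infection-chain stage it appears under (the stage labels are my own naming), and scans a handful of constructed proxy-log lines for hits. The log format and the client addresses in SAMPLE_LOG are made up for the example.

```python
"""Refang the posted EITest indicators and flag matching proxy-log lines.

Added example; the indicator text is copied from the message above, the
stage labels and the sample log lines are constructed for this demo.
"""
import re
from dataclasses import dataclass

# Indicator block as posted: defanged domains ("[.]", one stray comma) and
# IPs with a comma before the final octet.
INDICATOR_TEXT = """
Compromised site:
www,germansuppliesinc[.]com   212.34.137,34
drops flash exploit:
erbakanvideolari[.]top 31.184.192,173
rew.yourownmusical[.]com 194.87.232,24
drops xor encoded payload:
rew.yourownmusical[.]com 194.87.232,24
compromised website:
ventadeaires[.]com  87.98.231,4
drops flash exploit:
zdkn.tpb0134vv[.]top      185.117.73,70
xor encoded payload:
zdkn.tpb0134vv[.]top      185.117.73,70
"""

# Keyword in the section header -> stage label (assumed naming, not from the post).
STAGE_LABELS = {
    "compromised": "compromised-site",
    "flash": "flash-exploit",
    "xor": "xor-payload",
}

IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


@dataclass(frozen=True)
class Indicator:
    value: str   # refanged domain or IP
    kind: str    # "domain" or "ip"
    stage: str   # which step of the chain it was seen in


def refang(token: str) -> str:
    """Undo the defanging used in the post: "[.]" and "," both become ".".
    (Only safe on indicator tokens; commas elsewhere would be mangled.)"""
    return token.replace("[.]", ".").replace(",", ".")


def parse_indicators(text: str) -> list:
    """Walk the posted block: lines ending in ":" set the current stage,
    every other whitespace-separated token is a defanged indicator."""
    indicators, stage = [], "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            header = line.lower()
            stage = next((lbl for key, lbl in STAGE_LABELS.items() if key in header), "unknown")
            continue
        for token in line.split():
            value = refang(token)
            kind = "ip" if IP_RE.match(value) else "domain"
            ind = Indicator(value, kind, stage)
            if ind not in indicators:      # same value under the same stage listed twice
                indicators.append(ind)
    return indicators


def build_lookup(indicators: list) -> dict:
    """value -> set of stages; a host serving both the SWF and the payload gets both."""
    lookup = {}
    for ind in indicators:
        lookup.setdefault(ind.value, set()).add(ind.stage)
    return lookup


def scan_log(lines: list, lookup: dict) -> list:
    """Return (line_no, indicator, [stages]) for every log line containing an
    indicator as a whole host/IP token (no match inside a longer hostname)."""
    patterns = {v: re.compile(r"(?<![\w.-])" + re.escape(v) + r"(?![\w.-])") for v in lookup}
    hits = []
    for lineno, line in enumerate(lines, 1):
        for value, pat in patterns.items():
            if pat.search(line):
                hits.append((lineno, value, sorted(lookup[value])))
    return hits


# Constructed proxy access-log lines (squid-like layout, invented clients).
SAMPLE_LOG = [
    "1475000001.123 10.0.0.5 TCP_MISS/200 GET http://www.germansuppliesinc.com/index.php",
    "1475000002.456 10.0.0.5 TCP_MISS/200 GET http://rew.yourownmusical.com/abc.swf",
    "1475000003.789 10.0.0.7 TCP_MISS/200 GET http://www.example.com/ -",
    "1475000004.000 10.0.0.5 TCP_MISS/200 CONNECT 185.117.73.70:80",
]

if __name__ == "__main__":
    table = build_lookup(parse_indicators(INDICATOR_TEXT))
    for lineno, value, stages in scan_log(SAMPLE_LOG, table):
        print(f"line {lineno}: {value} -> {', '.join(stages)}")
```

Because the same host appears under both "drops flash exploit" and "xor encoded payload", the lookup keeps both stages per indicator; a client that hits a compromised-site domain and then a flash-exploit/xor-payload host in sequence is the pattern worth alerting on, rather than a single domain match in isolation.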
