[Snort-sigs] Re; lots of false positives, Neutrino

Joel Esler (jesler) jesler at ...3865...
Tue Oct 27 17:22:00 EDT 2015

This rule was updated today, please update your ruleset.

Joel Esler
Manager, Talos Group

On Oct 27, 2015, at 1:04 PM, Matthew Hallet <mhallet at ...4083...<mailto:mhallet at ...4083...>> wrote:

We’re also seeing a large amount of these Neutrino landing page events. “(1:36535) EXPLOIT-KIT Neutrino exploit kit landing page detected” was updated on 10/21/2015 and it seems to be flagging a ton of CDNs. Multiple different sources, multiple different destinations.

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Naugatuck Valley Savings and Loan, 333 Church Street, Naugatuck, CT 06770 www.NVSL.com<http://www.nvsl.com/> ------------------------------------------------------------------------------
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net<mailto:Snort-sigs at lists.sourceforge.net>

Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20151027/44d6b786/attachment.html>

More information about the Snort-sigs mailing list