[Snort-sigs] MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188)
amcdonnell at ...435...
Tue Jan 19 16:41:53 EST 2016
This is one of many rules that are used to help detect Bedep. We know it
can be loud if you are a regular visitor to that site, which is why we have
placed it in the "indicator-compromise" category, which is for rules that might not
alert on malicious traffic but are usually present when other
suspicious/malicious traffic is present. Enabling this rule can help find
other unknown variants but does have the drawback of having to check more
events. Like Joel suggested, please take a look at other sids if you do not
want to deal with these events.