[Snort-sigs] MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188)

Alex McDonnell amcdonnell at ...435...
Tue Jan 19 16:41:53 EST 2016


Hi Elliot,

  This is one of many rules that are used to help detect Bedep. We know it
can be loud if you are a regular visitor to that site, which is why we have
placed it in the "indicator-compromise" category, which is for rules that
might not alert on malicious traffic but are usually present when other
suspicious/malicious traffic is present. Enabling this rule can help find
other unknown variants but does have the drawback of having to check more
events. Like Joel suggested, please take a look at other sids if you do not
want to deal with these events.

Thanks

Alex McDonnell
TALOS