[Snort-sigs] MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188)

Elliot Anderson new.http.451 at ...2420...
Wed Jan 20 03:30:26 EST 2016


Appreciate the additional details, Alex.

Elliot.


> On 19 Jan 2016, at 23:41, Alex McDonnell <amcdonnell at ...435...> wrote:
> 
> Hi Elliot,
> 
> This is one of many rules that are used to help detect Bedep. We know it can be loud if you are a regular visitor to that site, which is why we have placed it in the "indicator-compromise" category, where rules that might not alert on malicious traffic but are usually present when other suspicious/malicious traffic is present. Enabling this rule can help find other unknown variants but does have the drawback of having to check more events. As Joel suggested, please take a look at other sids if you do not want to deal with these events.
> 
> Thanks
> 
> Alex McDonnell 
> TALOS
> 
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> 
> 
> Please visit http://blog.snort.org for the latest news about Snort!
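The triage approach Alex describes (an "indicator-compromise" rule is only interesting when it co-occurs with other alerts from the same host) can be automated against Snort's fast-format alert log. The script below is an added example written for this page, not Talos code and not part of the original thread. Its input is a handful of constructed alert lines: 1:33188 is the real SID from the subject, but the two companion SIDs (1:9000001, 1:9000002), their messages, the IPs and the timestamps are placeholders invented for the example, and the year 2016 is assumed because the fast format omits it. For each source host it reports whether the Bedep indicator fired alone or alongside another rule within a configurable window, so a loud indicator can be kept enabled without every hit becoming a ticket.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts in Snort "fast" output format (not real captures).
# Only 1:33188 comes from the thread; the other SIDs, messages, hosts and
# times are placeholders made up for this example.
SAMPLE_ALERTS = """\
01/20-03:30:26.000001  [**] [1:33188:3] MALWARE-CNC Win.Trojan.Bedep variant outbound connection [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.5:49152 -> 203.0.113.7:80
01/20-03:31:02.000002  [**] [1:9000001:1] EXAMPLE placeholder alert A [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.5:49153 -> 198.51.100.9:443
01/20-09:00:00.000003  [**] [1:33188:3] MALWARE-CNC Win.Trojan.Bedep variant outbound connection [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.8:51000 -> 203.0.113.7:80
01/20-09:45:00.000004  [**] [1:9000002:1] EXAMPLE placeholder alert B [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.8:51001 -> 192.0.2.20:80
01/20-12:00:00.000005  [**] [1:33188:3] MALWARE-CNC Win.Trojan.Bedep variant outbound connection [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.9:40000 -> 203.0.113.7:80
"""

# One fast-format line: timestamp, [gid:sid:rev], message, ..., {proto} src:port -> dst:port
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)


def parse_fast_alert(line, year=2016):
    """Parse one fast-format alert line; return a dict or None if it does not match.
    The fast format carries no year, so the caller supplies one (assumed here)."""
    m = FAST_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {
        "ts": ts,
        "gid": int(m["gid"]),
        "sid": int(m["sid"]),
        "msg": m["msg"],
        "src": m["src"],
        "dst": m["dst"],
    }


def parse_alerts(text, year=2016):
    """Parse every line of an alert log, silently skipping lines that do not match."""
    return [a for a in (parse_fast_alert(line, year) for line in text.splitlines()) if a]


def correlate(alerts, indicator=(1, 33188), window_seconds=600):
    """Group alerts by source host. For each host that triggered the indicator rule,
    collect the distinct other (gid, sid) pairs that fired from that host within
    +/- window_seconds of any indicator hit."""
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)

    result = {}
    for src, events in by_src.items():
        hits = [e for e in events if (e["gid"], e["sid"]) == indicator]
        if not hits:
            continue
        others = set()
        for hit in hits:
            for e in events:
                if (e["gid"], e["sid"]) != indicator and abs(e["ts"] - hit["ts"]) <= window:
                    others.add((e["gid"], e["sid"]))
        result[src] = {"indicator_hits": len(hits), "corroborating": sorted(others)}
    return result


def triage(alerts, **kwargs):
    """Split indicator-firing hosts into those with corroborating alerts (investigate)
    and those where the indicator fired alone (likely benign visits to the site)."""
    corr = correlate(alerts, **kwargs)
    corroborated = {s: v for s, v in corr.items() if v["corroborating"]}
    indicator_only = {s: v for s, v in corr.items() if not v["corroborating"]}
    return corroborated, indicator_only


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    investigate, alone = triage(parsed)
    for host, info in investigate.items():
        print(f"INVESTIGATE {host}: {info['indicator_hits']} indicator hit(s), "
              f"corroborated by {info['corroborating']}")
    for host, info in alone.items():
        print(f"indicator-only {host}: {info['indicator_hits']} hit(s), no companion alerts")
```

With the default ten-minute window, 10.0.0.5 is flagged for investigation (placeholder alert A fired 36 seconds after the Bedep indicator), while 10.0.0.8 and 10.0.0.9 are indicator-only; widening the window to an hour also pulls in 10.0.0.8, which shows why the window should be chosen per environment rather than hard-coded.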


