[Snort-sigs] Injected Eitest Script

el cabezon elcabezzonn at ...2420...
Tue Oct 4 17:39:14 EDT 2016


Yes, I do have a list of the sites in question.

For the first that was captured on 09/27/2016:

Compromised site:
www,germansuppliesinc[.]com   212.34.137,34


drops flash exploit:


erbakanvideolari[.]top 31.184.192,173

rew.yourownmusical[.]com 194.87.232,24


drops xor encoded payload:

rew.yourownmusical[.]com 194.87.232,24



For the second that was captured on 09/28/2016:

compromised website:

ventadeaires[.]com  87.98.231,4


drops flash exploit:

zdkn.tpb0134vv[.]top      185.117.73,70


xor encoded payload:

zdkn.tpb0134vv[.]top      185.117.73,70


I appreciate the recommendation for changing the snort rule. Still a novice
at creating rules.