[Snort-sigs] rules 41458 41459 41460 and 41461

Joel Esler (jesler) jesler at ...3865...
Thu Feb 9 19:54:32 EST 2017


They don’t look very false-positive prone. Perhaps you can send us a pcap/alerts off list and we can review?
--
Joel Esler | Talos: Manager | jesler at ...3865... <mailto:jesler at ...3865...>

> On Feb 9, 2017, at 4:01 PM, John Ives <jives at ...4131...> wrote:
> 
> 
> I was wondering if we could get more information on why rules 41458,
> 41459, 41460, and 41461 are described as "Osx.Keylogger.Elite variant
> outbound connection". We are seeing this in a number of installs for Mac
> Adware, but so far no indication of a keylogger.
> 
> Additionally, when trying to look at the URL provided for a reference,
> it looks to be for a Word macro virus.
> 
> Yours,
> 
> John
> 
> --
> ------------------------------------------------------------------------
> John Ives
> Information Security & Policy			    Phone (510) 229-8676
> University of California, Berkeley
> ------------------------------------------------------------------------
> 
