[Snort-sigs] INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (1:33215:1)

John Tan jftan at ...4242...
Wed Mar 8 04:05:29 EST 2017


Hi All,

I would like to seek assistance on this.

INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (1:33215:1)

- Based on my analysis, icanhazip.com is an automatic public IP address resolver. I noticed that users with Chrome and Mobile Safari are affected.

- Please help.

BLACKLIST DNS request for known malware domain givemefilesnow.info - Win.Trojan.Adload.dyhq (1:29826:1)

- Based on my research, users with outdated Mozilla are affected.

- Please help.


Regards,
John Tan
