[Snort-sigs] Win.Backdoor.Joanap

Alex McDonnell amcdonnell at sourcefire.com
Thu Jun 7 08:03:01 EDT 2018

Yaser, we looked at the User-Agent: DavClnt rule and found there was no
distinction between the malicious traffic and traffic from word. Looking at
blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/ it
seems to be expected fallback behavior. We have decided not to publish this

Alex McDonnell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20180607/ed4d2043/attachment.html>

More information about the Snort-sigs mailing list