[Snort-sigs] Win.Backdoor.Joanap

Alex McDonnell amcdonnell at sourcefire.com
Thu Jun 7 08:03:01 EDT 2018


Yaser, we looked at the User-Agent: DavClnt rule and found there was no
distinction between the malicious traffic and traffic from Word. Looking at
blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/ it
seems to be expected fallback behavior. We have decided not to publish this
rule.

thanks
Alex McDonnell
TALOS