[Emerging-Sigs] Rule 2017265 FP

Francis Trudeau ftrudeau at emergingthreats.net
Tue Sep 16 16:25:25 EDT 2014


James,

When generate traffic to that site I don't get an alert.

Do you have a pcap?

Thanks,

Francis



On Tue, Sep 16, 2014 at 2:11 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> FYI:
>
> 20:08:17  [1:2017265:5] ET CURRENT_EVENTS BlackHole EK Non-standard base64
> Key [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP}
> 64.129.104.158:80 -> x.x.x.x:49924
>
> Hit's on:
> stv.wsj.net/dpm/scripts?key=abfad4b50ef671bedc4759a1589ebe693d406068
>
> James
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>


More information about the Emerging-sigs mailing list