[Emerging-Sigs] Rule 2017265 FP

James Lay jlay at slave-tothe-box.net
Tue Sep 16 18:57:05 EDT 2014


On 2014-09-16 14:25, Francis Trudeau wrote:
> James,
>
> When I generate traffic to that site I don't get an alert.
>
> Do you have a pcap?
>
> Thanks,
>
> Francis
>
>
>
> On Tue, Sep 16, 2014 at 2:11 PM, James Lay <jlay at slave-tothe-box.net> wrote:
>> FYI:
>>
>> 20:08:17  [1:2017265:5] ET CURRENT_EVENTS BlackHole EK Non-standard base64 Key [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 64.129.104.158:80 -> x.x.x.x:49924
>>
>> Hits on:
>> stv.wsj.net/dpm/scripts?key=abfad4b50ef671bedc4759a1589ebe693d406068
>>
>> James

I do not...apologies.

James

