[Emerging-Sigs] Shadowserver

James Lay jlay at slave-tothe-box.net
Wed Sep 24 16:36:07 EDT 2014


Any reason that 216.93.242.12 is considered a Shadowserver CNC?

2014-09-24T20:34:11+0000        CYD3jp3gxCCxUJwoA5      x.x.x.x    64579   x.x.x.x    53      udp     9707    pool.ntp.org    1       C_INTERNET      1       A       0       NOERROR F       F       T       T       0       152.2.133.52,216.93.242.12,74.207.242.71,198.7.57.183   150.000000,150.000000,150.000000,150.000000  F

20:34:11  [1:2404043:3588] ET CNC Shadowserver Reported CnC Server UDP group 22 [**] [Classification: A Network Trojan was Detected] [Priority: 1] {UDP} x.x.x.x:64579 -> x.x.x.x:123

Thanks.

James

