[Emerging-Sigs] Shadowserver

Darien Huss dhuss at emergingthreats.net
Wed Sep 24 16:49:00 EDT 2014


Hi James,

We get the data for those rules from Shadowserver, so your question might
be best directed at them. Sorry!

Regards,
Darien

On Wed, Sep 24, 2014 at 4:36 PM, James Lay <jlay at slave-tothe-box.net> wrote:

> Any reason that 216.93.242.12 is considered a Shadowserver CNC?
>
> 2014-09-24T20:34:11+0000        CYD3jp3gxCCxUJwoA5      x.x.x.x    64579
>  x.x.x.x    53      udp     9707    pool.ntp.org    1       C_INTERNET
>   1       A       0       NOERROR F       F       T       T       0
>  152.2.133.52,216.93.242.12,74.207.242.71,198.7.57.183
>  150.000000,150.000000,150.000000,150.000000  F
>
> 20:34:11  [1:2404043:3588] ET CNC Shadowserver Reported CnC Server UDP
> group 22 [**] [Classification: A Network Trojan was Detected] [Priority: 1]
> {UDP} x.x.x.x:64579 -> x.x.x.x:123
>
> Thanks.
>
> James

