[Emerging-Sigs] ETPRO TROJAN MSIL/Tiny.R CnC Checkin (Infoback)

Jason Williams jwilliams at emergingthreats.net
Sun Jan 21 14:14:55 HST 2018


It means that a Command and Control Check in was observed. In this case it
is from the monitored network to the unmonitored network. That should
indicate a compromise of a host on the monitored network.

In the future, please use the etpro mailing list for questions concerning
the ETPRO ruleset:
https://lists.emergingthreats.net/mailman/listinfo/etpro-sigs

Thanks!

Jason

On Sun, Jan 21, 2018 at 1:35 AM, Fateme Hajikarami <
fateme.hajikarami at gmail.com> wrote:

> Hi everybody!
> I got this log from my IDS.
> It is the rule 2829108 from etrpo.
> I want to know this log means that checkin was succussful or we cant get
> this?
>
> On Sun, Jan 21, 2018 at 11:03 AM, Fateme Hajikarami <
> fateme.hajikarami at gmail.com> wrote:
>
>> Hi everybody!
>> I got this log from my IDS.
>> It is the rule 2829108 from etrpo.
>>
>> --
>> Fateme Hajikarami, M.Sc.
>> Department of Electrical & Computer Engineering
>> Isfahan University of Technology
>>
>
>
>
> --
> Fateme Hajikarami, M.Sc.
> Department of Electrical & Computer Engineering
> Isfahan University of Technology
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20180121/75b23aa9/attachment.html>


More information about the Emerging-sigs mailing list