[Emerging-Sigs] False Positive: "ETPRO MALWARE Win32/Bancteian.A Variant CnC Activity" - SID 2839072

Brandon Murphy bmurphy at emergingthreats.net
Wed Oct 23 05:33:00 HDT 2019


Thanks Nathan,

I'll take a look and get it updated today.

-Brandon

On 10/23/19 09:23, Nathan via Emerging-sigs wrote:
> Good morning friends,
>
> I believe I have encountered a false positive that is almost an exact match to
> the suspected traffic in question for SID 2839072.  Below is a PCAP ASCII
> snippet of that traffic:
>
> 08:25:44.903014 IP 10.0.0.1.50165 > 20.41.62.11.80
> GET
> /8SE/77?MI=8BB03BE5E3834C769547B59818DA223A-0CCE46F7241540FBA35EB5FCECFE26F4&LV=1.3.478.0&OS=6.2.9200&HV=1.3.478.0&AG=308&TE=11001&TV=tv1.3.478.0|tmen-us|isBDT1|buproduct|mi8BB03BE5E3834C769547B59818DA223A-0CCE46F7241540FBA35EB5FCECFE26F4|flmsa_bd2|fr1|kvcategory:hot,autosync:True
> HTTP/1.1
> Host: g.ceipmsn.com
> Connection: Keep-Alive
> Cache-Control: no-cache
>
> Cheers,
> Nathan
>

