[Emerging-Sigs] JA3 flags official Firefox distribution sites as malware

Jason Williams jwilliams at emergingthreats.net
Tue Oct 29 00:19:30 HDT 2019


Thank you!

On Mon, Oct 28, 2019 at 7:56 PM Michał Purzyński <michalpurzynski1 at gmail.com>
wrote:

> Be careful what you wish for ;)
>
> I just spent over an hour submitting falses while also correlating each
> JA3 and JA3S with additional domains (from my Zeek's data) that rules
> either were or will be falsing on. I have more examples, but I have no time
> - and I already spent several hours on sorting through this today.
>
> You're gonna see pretty much the entire public side of the Firefox delivery
> infrastructure and half of Microsoft. Maybe that's BITS matching, or
> Microsoft's CryptoAPI, or both, or more.