[Emerging-Sigs] COVID-19

Orion Poplawski orion at nwra.com
Mon Mar 30 12:21:27 HDT 2020


Why are we alerting on DNS queries for "coronavirus.jhu.edu"?  That seems
pretty reputable.  Also alerting on "covid19info.live" - not so sure about
that but I believe it's legit.

Packet:

CGBuaRgFrB9rEGH+CABFAABBVSgAAH8Rz0gKDAIOCgABIsaRADUALShY994BAAABAAAAAAAAC2Nvcm9uYXZpcnVzA2podQNlZHUAAAEAAQ==

ACToTYJXAAiiCaQnCABFAABD8r4AAH8RKKAKCwI2CgoKAeoiADUALzNgpPoBAAABAAAAAAAABGRhdGELY292aWQxOWluZm8EbGl2ZQAAHAAB


-- 
Orion Poplawski
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                 https://www.nwra.com/
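
To see exactly which name and record type each quoted packet asks for, this added example (not part of the original message) decodes the two base64 frames above, assuming each is an Ethernet/IPv4/UDP frame carrying one DNS question. The names `parse_dns_query`, `PACKETS` and `QTYPES` are chosen here for illustration.

```python
import base64
import struct

# Frames copied verbatim from the message above.
PACKETS = [
    "CGBuaRgFrB9rEGH+CABFAABBVSgAAH8Rz0gKDAIOCgABIsaRADUALShY994BAAABAAAAAAAAC2Nvcm9uYXZpcnVzA2podQNlZHUAAAEAAQ==",
    "ACToTYJXAAiiCaQnCABFAABD8r4AAH8RKKAKCwI2CgoKAeoiADUALzNgpPoBAAABAAAAAAAABGRhdGELY292aWQxOWluZm8EbGl2ZQAAHAAB",
]
QTYPES = {1: "A", 28: "AAAA"}  # only the record types needed here


def parse_dns_query(b64_frame):
    """Decode one Ethernet/IPv4/UDP frame and return its first DNS question."""
    frame = base64.b64decode(b64_frame)
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ip[9] != 17:
        raise ValueError("not UDP")
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    dns = ip[ihl + 8:ihl + ulen]  # UDP payload, bounded by the UDP length
    flags, qdcount = struct.unpack("!HH", dns[2:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a DNS query")
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while dns[pos] != 0:
        n = dns[pos]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype = struct.unpack("!H", dns[pos + 1:pos + 3])[0]
    return {"src": src, "dst": dst, "dport": dport,
            "qname": ".".join(labels), "qtype": QTYPES.get(qtype, str(qtype))}


if __name__ == "__main__":
    for packet in PACKETS:
        print(parse_dns_query(packet))
```

Comparing the decoded `qname` with the signature's content match shows whether the rule fired on the exact hostname or on a substring of it.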
