Snort mailing list archives

MALWARE-CNC TRUFFLEHUNTER SFVRT-1020 attack attempt" rule being fired

From: Daniel <dky.swe () gmail com>
Date: Thu, 31 Mar 2016 08:34:35 +0200

Hi all,

Since a few days ago, we have the "MALWARE-CNC TRUFFLEHUNTER SFVRT-1020
attack attempt" rule being fired on what to seems to be ICMP pings from a
Nagios server.

I can provide pcap file if anyone from the Talos team (or others) want to
look at it.
Contact me then.

Best Regards,
Daniel

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

MALWARE-CNC TRUFFLEHUNTER SFVRT-1020 attack attempt" rule being fired Daniel (Mar 30)
- Re: MALWARE-CNC TRUFFLEHUNTER SFVRT-1020 attack attempt" rule being fired Joel Esler (jesler) (Mar 31)