Snort mailing list archives
Re: MALWARE-CNC TRUFFLEHUNTER SFVRT-1020 attack attempt" rule being fired
From: Jeff H <jeff61225 () gmail com>
Date: Thu, 7 Apr 2016 11:32:11 -0700
Hi Joel,

I sent these in last week and am still seeing occasional hits and haven't heard anything back. I think this is my first time submitting pcaps for analysis on SO alerts, so I am not sure what to expect. I think I have identified the traffic causing the alert and it does not seem malicious to me. I wasn't sure how to send follow-up info attached to the same submission.

Jeff

On Fri, Apr 1, 2016 at 10:50 AM, Joel Esler (jesler) <jesler () cisco com> wrote:

> Rev2 is current. If you are seeing alerts, please send them in.
>
> --
> *Joel Esler*
> Manager, Talos Group
>
> On Apr 1, 2016, at 1:27 PM, Jeff H <jeff61225 () gmail com> wrote:
>
>> Did this rule get updated? I don't see it in the change log. My rule is listed as rev2 and I'm seeing some (not a lot) alerts as well.
>>
>> Jeff
>>
>> On Thu, Mar 31, 2016 at 5:15 AM, Joel Esler (jesler) <jesler () cisco com> wrote:
>>
>>> This should be updated in today's rule pack.
>>>
>>> --
>>> *Joel Esler*
>>> Manager, Talos Group
>>>
>>> On Mar 31, 2016, at 2:34 AM, Daniel <dky.swe () gmail com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> Since a few days ago, we have the "MALWARE-CNC TRUFFLEHUNTER SFVRT-1020 attack attempt" rule being fired on what seems to be ICMP pings from a Nagios server.
>>>>
>>>> I can provide a pcap file if anyone from the Talos team (or others) wants to look at it. Contact me then.
>>>>
>>>> Best Regards,
>>>> Daniel
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!