Snort mailing list archives
Re: Injected Eitest Script
From: el cabezon <elcabezzonn () gmail com>
Date: Tue, 4 Oct 2016 17:39:14 -0400
Yes, I do have a list of the sites in question.

For the first that was captured on 09/27/2016:

Compromised site:
www,germansuppliesinc[.]com 212.34.137,34

Drops flash exploit:
erbakanvideolari[.]top 31.184.192,173
rew.yourownmusical[.]com 194.87.232,24

Drops xor encoded payload:
rew.yourownmusical[.]com 194.87.232,24

For the second that was captured on 09/28/2016:

Compromised website:
ventadeaires[.]com 87.98.231,4

Drops flash exploit:
zdkn.tpb0134vv[.]top 185.117.73,70

Xor encoded payload:
zdkn.tpb0134vv[.]top 185.117.73,70

I appreciate the recommendation for changing the snort rule. Still a novice at creating rules.