Snort mailing list archives

INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (1:33215:1)

From: John Tan <jftan () dairy-farm com ph>
Date: Wed, 8 Mar 2017 17:05:29 +0800

Hi All,

I would like to seek assistance on this.

INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (1:33215:1)

-          Based from my analysis, icanhazip.com is an automatic public ip address resolver. I noticed that users with 
Chrome and Mobile safari are affected.

-          Please help.
BLACKLIST DNS request for known malware domain givemefilesnow.info - Win.Trojan.Adload.dyhq (1:29826:1)

-          Based from my research users with outdated Mozilla are affected.

-          Please help.


Regards,
John Tan

------------------------------------------------------------------------------
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (1:33215:1) John Tan (Mar 08)