Weissenburger, Steve
2017-12-05 17:44:53 UTC
Hello,
I'm being hit with these three Snort rules and am trying to find more info on what exactly they are doing, but I'm coming up empty. Can anyone provide more insight? I'm a Snort newbie.
Thanks,
Steve
INDICATOR-COMPROMISE Suspicious .win dns query (1:44077:1)
INDICATOR-COMPROMISE Suspicious .top dns query (1:43687:1)
INDICATOR-COMPROMISE Suspicious .tk dns query (1:39867:3)