List: bleeding-sigs
Subject: [Bleeding-sigs] more fps for storm sigs
From: Russell Fulton <r.fulton () auckland ! ac ! nz>
Date: 2007-10-16 21:59:21
Message-ID: 47153439.5060703 () auckland ! ac ! nz
[Attachment #2 (text/html)]
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Again I would suspect that this is Skype traffic.<br>
<br>
Russell<br>
<br>
<br>
<table border="1" width="100%">
<tbody>
<tr>
<td colspan="10">
<table border="0" width="100%">
<tbody>
<tr>
<td colspan="4" border="0" align="left">Time Window for
this screen:<b> Tue Oct 16 15:49:44 2007 </b> to <b> Wed Oct 17
10:55:01 2007 </b>
</td>
<td colspan="3" border="0" align="right"><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr bgcolor="#dddddd">
<td>Src</td>
<td>Sig name</td>
<td>Total Events</td>
<td>Proto</td>
</tr>
<tr>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipsrc=distinct%20&groupby=none&ip=130.216.185.145">130.216.185.145</a> spar163-j4s8q1s.sbs.auckland.ac.nz </td>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipdst=distinct%20&groupby=signatures">
BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5</a></td>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipsrc=distinct%20&groupby=none&ip=130.216.185.145">30</a></td>
<td>17</td>
</tr>
<tr>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipsrc=distinct%20&groupby=none&ip=130.216.197.139">130.216.197.139</a> cliff-lappy.tcs.auckland.ac.nz </td>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipdst=distinct%20&groupby=signatures">
BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5</a></td>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipsrc=distinct%20&groupby=none&ip=130.216.197.139">2</a></td>
<td>17</td>
</tr>
<tr>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipsrc=distinct%20&groupby=none&ip=130.216.227.64">130.216.227.64</a> t.bishop.eng.auckland.ac.nz </td>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipdst=distinct%20&groupby=signatures">
BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5</a></td>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipsrc=distinct%20&groupby=none&ip=130.216.227.64">59</a></td>
<td>17</td>
</tr>
<tr>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipsrc=distinct%20&groupby=none&ip=130.216.98.103">130.216.98.103</a> wks-113-108b-2.bbim.auckland.ac.nz </td>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipdst=distinct%20&groupby=signatures">
BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5</a></td>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipsrc=distinct%20&groupby=none&ip=130.216.98.103">264</a></td>
<td>17</td>
</tr>
<tr>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipsrc=distinct%20&groupby=none&ip=130.216.99.113">130.216.99.113</a> wks-810-217-1.mba.auckland.ac.nz </td>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipdst=distinct%20&groupby=signatures">
BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5</a></td>
<td><a
href="https://ruru.insec/placid/summary.py?%20&timebefore=86400%20%20&signame=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&ipsrc=distinct%20&groupby=none&ip=130.216.99.113">935</a></td>
<td>17</td>
</tr>
</tbody>
</table>
</body>
</html>
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs@bleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs