
List:       bleeding-sigs
Subject:    [Bleeding-sigs] more fps for storm sigs
From:       Russell Fulton <r.fulton () auckland ! ac ! nz>
Date:       2007-10-16 21:59:21
Message-ID: 47153439.5060703 () auckland ! ac ! nz

[Attachment #2 (text/html)]

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Again I would suspect that this is Skype traffic.<br>
<br>
Russell<br>
<br>
<br>
<table border="1" width="100%">
  <tbody>
    <tr>
      <td colspan="10">
      <table border="0" width="100%">
        <tbody>
          <tr>
            <td colspan="4" border="0" align="left">Time Window for
this screen:<b> Tue Oct 16 15:49:44 2007 </b> to <b> Wed Oct 17
10:55:01 2007 </b>
            </td>
            <td colspan="3" border="0" align="right"><br>
            </td>
          </tr>
        </tbody>
      </table>
      </td>
    </tr>
    <tr bgcolor="#dddddd">
      <td>Src</td>
      <td>Sig name</td>
      <td>Total Events</td>
      <td>Proto</td>
    </tr>
    <tr>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%2 \
0Search%20by%20md5%20&amp;ipsrc=distinct%20&amp;groupby=none&amp;ip=130.216.185.145"> \
130.216.185.145</a> spar163-j4s8q1s.sbs.auckland.ac.nz  </td>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&amp;ipdst=distinct%20&amp;groupby=signatures">
 BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5</a></td>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%2 \
0Search%20by%20md5%20&amp;ipsrc=distinct%20&amp;groupby=none&amp;ip=130.216.185.145"> \
30</a></td>  <td>17</td>
    </tr>
    <tr>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%2 \
0Search%20by%20md5%20&amp;ipsrc=distinct%20&amp;groupby=none&amp;ip=130.216.197.139"> \
130.216.197.139</a> cliff-lappy.tcs.auckland.ac.nz  </td>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&amp;ipdst=distinct%20&amp;groupby=signatures">
 BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5</a></td>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%2 \
0Search%20by%20md5%20&amp;ipsrc=distinct%20&amp;groupby=none&amp;ip=130.216.197.139"> \
2</a></td>  <td>17</td>
    </tr>
    <tr>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%2 \
0Search%20by%20md5%20&amp;ipsrc=distinct%20&amp;groupby=none&amp;ip=130.216.227.64"> \
130.216.227.64</a> t.bishop.eng.auckland.ac.nz  </td>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&amp;ipdst=distinct%20&amp;groupby=signatures">
 BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5</a></td>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%2 \
0Search%20by%20md5%20&amp;ipsrc=distinct%20&amp;groupby=none&amp;ip=130.216.227.64"> \
59</a></td>  <td>17</td>
    </tr>
    <tr>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%2 \
0Search%20by%20md5%20&amp;ipsrc=distinct%20&amp;groupby=none&amp;ip=130.216.98.103"> \
130.216.98.103</a> wks-113-108b-2.bbim.auckland.ac.nz  </td>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&amp;ipdst=distinct%20&amp;groupby=signatures">
 BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5</a></td>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%2 \
0Search%20by%20md5%20&amp;ipsrc=distinct%20&amp;groupby=none&amp;ip=130.216.98.103"> \
264</a></td>  <td>17</td>
    </tr>
    <tr>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%2 \
0Search%20by%20md5%20&amp;ipsrc=distinct%20&amp;groupby=none&amp;ip=130.216.99.113"> \
130.216.99.113</a> wks-810-217-1.mba.auckland.ac.nz  </td>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%20Search%20by%20md5%20&amp;ipdst=distinct%20&amp;groupby=signatures">
 BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5</a></td>
      <td><a
 href="https://ruru.insec/placid/summary.py?%20&amp;timebefore=86400%20%20&amp;signame \
=BLEEDING-EDGE%20TROJAN%20Storm%20Worm%20Encrypted%20Traffic%20Outbound%20-%20Likely%2 \
0Search%20by%20md5%20&amp;ipsrc=distinct%20&amp;groupby=none&amp;ip=130.216.99.113"> \
935</a></td>  <td>17</td>
    </tr>
  </tbody>
</table>
</body>
</html>



_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs@bleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs

