Security Center question MX64 with Adv Sec.- not sure where to post.
My firewall keeps on getting triggered by Australia Perth Akamai Technologies Inc on a brand new machine that I've just set up for a client. I installed Norton on that machine as per the client's request.
Does anyone know if this is a real attack?
Here's the threat:
INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data
Thank you.
P
If it is a real attack, at least you know the MX is doing its job in blocking it and letting you know!
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Let's take a look at what this message is: https://www.snort.org/rule_docs/1-38619
"This event is generated when a Content-Type header reports plaintext, but there is Portable Executable data detected."
It's rather unusual for a file to claim to be plaintext while being an executable at the same time. There's a relatively high probability that this was a real attack, but to be sure, one would have to investigate further.
You can get further information at https://www.virustotal.com/gui/file/fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a...
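As an added illustration of what that Snort rule is checking for (this is example code written for this thread, not Snort's or Meraki's own detection logic): the check below parses a captured HTTP response, reads the declared Content-Type, and tests whether the body actually carries a Windows Portable Executable image, which starts with the `MZ` DOS header and has a `PE\0\0` signature at the offset stored in `e_lfanew` (offset 0x3C). The HTTP responses and the PE stub are constructed sample data, not anything from the alert in this thread.

```python
"""
Added example, not from the thread or from Snort/Meraki: a minimal offline
check mirroring what Snort rule 1-38619 describes, a response whose
Content-Type header claims text/plain while the body is a Portable
Executable (PE) image. The messages and the PE stub below are constructed.
"""
import struct


def is_pe(body: bytes) -> bool:
    """True if body looks like a PE image: 'MZ' DOS header plus a
    'PE\\0\\0' signature at the offset stored in e_lfanew (offset 0x3C)."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    if e_lfanew + 4 > len(body):
        return False
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def parse_http_response(raw: bytes):
    """Split a raw HTTP response into (headers, body); header names lowercased."""
    head, _sep, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body


def mismatched_plaintext_pe(raw: bytes) -> bool:
    """True when the header says text/plain but the body is a PE image,
    the mismatch the Snort rule alerts on."""
    headers, body = parse_http_response(raw)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    return ctype == "text/plain" and is_pe(body)


def make_fake_pe() -> bytes:
    """Constructed PE stub: MZ header, e_lfanew = 0x40, PE signature at 0x40.
    Only the two magic values are present; it is not a runnable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


# Constructed sample responses.
SUSPICIOUS = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n" + make_fake_pe()
BENIGN_TEXT = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nhello world\n"
HONEST_EXE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
              + make_fake_pe())

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS),
                          ("benign text", BENIGN_TEXT),
                          ("honest exe", HONEST_EXE)):
        print(f"{label:12s} -> mismatch: {mismatched_plaintext_pe(sample)}")
```

Only the first sample trips the check: plain text under text/plain is fine, and an executable served as application/octet-stream is not what the rule targets. If you have the blocked response body from the MX event log or a packet capture, running it through `is_pe` tells you quickly whether the PE part of the alert holds up before you go looking for the file on the endpoint.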
Will have to have a dig and look for the files listed on that site. I was wondering if anyone else has come across this one.
What is great about the community... you can always learn! Thank you for the post, it's great to know how to get more details on the alert from snort.org.