
Cymru CAP Parser: malware http_post

Open ghost opened this issue 4 years ago • 1 comments

One more thing, the line:

controller|x.x.x.x|12525|2021-03-11 00:02:14|family: http_post;hostname: domain.lv;;port: 80;|INTERNETLTD, LV

produces "malware.name": "http_post" - is this expected?

Originally posted by @aleksejsv in https://github.com/certtools/intelmq/issues/1795#issuecomment-797462634

ghost, Mar 12 '21 12:03

I don't know what the http_post malware family should be. I appreciate any insight on this. We can also inquire with Cymru about that.

ghost, Mar 12 '21 13:03
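
Added example (not part of the thread and not intelmq's parser code): a minimal Python parser for the line quoted in the issue, showing that `malware.name` ends up as whatever string follows `family:` in the feed's tag field. The column names, the `extra` key and the function names are assumptions made for illustration; only the `family` to `malware.name` result is taken from the issue.

```python
# Added example, not intelmq code. Column names below are assumed labels.
COLUMNS = ("category", "ip", "asn", "timestamp", "notes", "asn_description")

# The line quoted in the issue (address already redacted there as x.x.x.x).
SAMPLE = ("controller|x.x.x.x|12525|2021-03-11 00:02:14|"
          "family: http_post;hostname: domain.lv;;port: 80;|INTERNETLTD, LV")


def parse_notes(notes):
    """Split 'key: value;key: value;;' into a dict, skipping empty segments."""
    tags = {}
    for segment in notes.split(";"):
        segment = segment.strip()
        if not segment:
            continue  # ';;' and the trailing ';' produce empty segments
        # Split on the first ':' only, so values containing ':' survive.
        key, sep, value = segment.partition(":")
        if not sep:
            raise ValueError(f"tag without ':' separator: {segment!r}")
        tags[key.strip()] = value.strip()
    return tags


def parse_line(line):
    """Parse one pipe-delimited line into named columns plus a tag dict."""
    parts = line.rstrip("\n").split("|")
    if len(parts) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} columns, got {len(parts)}")
    record = dict(zip(COLUMNS, (p.strip() for p in parts)))
    record["tags"] = parse_notes(record.pop("notes"))
    return record


def to_event(record):
    """Map 'family' to 'malware.name' (as reported in the issue).

    All other tags are kept under a hypothetical 'extra' key.
    """
    tags = dict(record["tags"])
    event = {}
    if "family" in tags:
        # Copied verbatim from the feed: no lookup against known family names.
        event["malware.name"] = tags.pop("family")
    event["extra"] = tags
    return event


if __name__ == "__main__":
    print(to_event(parse_line(SAMPLE)))
```
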