More file extraction testing. Here we’re looking at the highest ranked BotHunter event for the last week, which is classified as “/snort-trojan-activity/Egg Download/: 1.7002773:E3-Egg Download ET TROJAN FSG Packed Binary via HTTP Inbound”. The reputation result from SRI is expected, and the direct integration to VirusTotal is working well.

Still not entirely sure why ntop is calling the Windows client honeypot “ubuntu”, probably some kind of NetBIOS naming confusion.