[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
Mon Mar 17 16:00:09 EST 2008
[***] Results from Oinkmaster started Mon Mar 17 17:00:09 2008 [***]
[+++] Added rules: [+++]
2008003 - ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin (bleeding-virus.rules)
2008004 - ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin (2) (bleeding-virus.rules)
2008005 - ET TROJAN Backdoor.Win32.VB.cfi (related) System Info Upload via FTP (bleeding-virus.rules)
2008006 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 (bleeding.rules)
2008007 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 reply (bleeding.rules)
2008008 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Checkin Replies (bleeding.rules)
2008009 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Pong (bleeding.rules)
2008010 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Ping (bleeding.rules)
[---] Removed rules: [---]
2007983 - ET TROJAN LDPinch Checkin (4) (bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (8):
2008003 || ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin
2008004 || ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin (2)
2008005 || ET TROJAN Backdoor.Win32.VB.cfi (related) System Info Upload via FTP
2008006 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1
2008007 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 reply
2008008 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Checkin Replies
2008009 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Pong
2008010 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Ping
-> Added to bleeding-sid-msg.map.txt (8):
2008003 || ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin
2008004 || ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin (2)
2008005 || ET TROJAN Backdoor.Win32.VB.cfi (related) System Info Upload via FTP
2008006 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1
2008007 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 reply
2008008 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Checkin Replies
2008009 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Pong
2008010 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Ping
-> Added to bleeding.rules (3):
#by matt jonkman
#holding here till the malware gets a name, so far unknown by AV other than heuristically bad
#re sample 41c62970ea34413c4011b220724bf029
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (1):
2007983 || ET TROJAN LDPinch Checkin (4)
-> Removed from bleeding-sid-msg.map.txt (1):
2007983 || ET TROJAN LDPinch Checkin (4)