[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
Thu Mar 27 16:00:09 EST 2008
[***] Results from Oinkmaster started Thu Mar 27 17:00:09 2008 [***]
[+++] Added rules: [+++]
2008058 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443 (bleeding-virus.rules)
2008059 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 port 443 (bleeding-virus.rules)
2008060 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response port 443 (bleeding-virus.rules)
2008061 - ET TROJAN LDPinch Checkin (4) (bleeding-virus.rules)
[///] Modified active rules: [///]
2006435 - ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool (bleeding-scan.rules)
2006546 - ET SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack! (bleeding-scan.rules)
2007962 - ET TROJAN Vipdataend C&C Traffic - Checkin (bleeding-virus.rules)
2008056 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 (bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (4):
2008058 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443
2008059 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 port 443
2008060 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response port 443
2008061 || ET TROJAN LDPinch Checkin (4)
-> Added to bleeding-sid-msg.map.txt (4):
2008058 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443
2008059 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 port 443
2008060 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response port 443
2008061 || ET TROJAN LDPinch Checkin (4)
-> Added to bleeding-virus.rules (1):
#also seeing the same on 443