[Emerging-Sigs] Daily Ruleset Update Summary 10/13/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Thu Oct 13 19:37:44 EDT 2011


16 new rules today, 8 open and 8 pro. Nice split there!

The Cerberus ones in particular are important. If you get hits, look into them.

Enjoy!

[+++]          Added rules:          [+++]

 2012801 - ET TROJAN Spoofed MSIE 7 User-Agent Likely Ponmocup (trojan.rules)
 2013771 - ET TROJAN Win32.Cerberus RAT Checkin Outbound (trojan.rules)
 2013772 - ET TROJAN Win32.Cerberus RAT Checkin Response (trojan.rules)
 2013773 - ET TROJAN Win32.Cerberus RAT Client pong (trojan.rules)
 2013774 - ET TROJAN Win32.Cerberus RAT Server ping (trojan.rules)
 2013775 - ET CURRENT_EVENTS Saturn Exploit Kit binary download request (current_events.rules)
 2013776 - ET CURRENT_EVENTS Saturn Exploit Kit probable Java exploit request (current_events.rules)
 2013777 - ET CURRENT_EVENTS Saturn Exploit Kit probable Java MIDI exploit request (current_events.rules)

Pro sigs:

 2803859 - ETPRO TROJAN Backdoor.Win32.Wuca Checkin (trojan.rules)
 2803860 - ETPRO TROJAN Trojan.Win32.Cossta.pyo Checkin (trojan.rules)
 2803861 - ETPRO TROJAN Win32/Dofoil.L Checkin 2 (trojan.rules)
 2803862 - ETPRO TROJAN Win32/Tiptuf.A Checkin (trojan.rules)
 2803863 - ETPRO TROJAN Win32/Yabinder.2_0 User-Agent (Sekreter) (trojan.rules)
 2803864 - ETPRO TROJAN Trojan.Win32.FakeAV.iekx Checkin (trojan.rules)
 2803865 - ETPRO TROJAN Trojan.Generic.6643598 Checkin (trojan.rules)
 2803866 - ETPRO TROJAN Win32/Nosrawec.C Checkin (trojan.rules)


[///]     Modified active rules:     [///]

PCRE typo fix and generalized slightly:
 2013740 - ET TROJAN Zeus/Aeausuc P2P Variant Retrieving Peers List (trojan.rules)

Changed for Suricata primarily, to "ip" vs "tcp". Significant performance improvement.
 2013753 - ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Inbound SRV-2 (trojan.rules)
 2013754 - ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Outbound SRV-2 (trojan.rules)
 2013755 - ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Inbound SRV-1 (trojan.rules)
 2013756 - ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Outbound SRV-1 (trojan.rules)

----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------
