[Emerging-Sigs] Daily Ruleset Update Summary 10/25/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Tue Oct 25 21:43:55 EDT 2011


7 new open sigs and 14 new Pro subscriber sigs. An update to the CI Army sigs as well. Enjoy!

[+++]          Added rules:          [+++]

 2013800 - ET POLICY OutGoing Chromoting Session (policy.rules)
 2013801 - ET POLICY Incoming Chromoting Session (policy.rules)
 2013802 - ET TROJAN Cycbot POST (trojan.rules)
 2013803 - ET TROJAN Unknown checkin (trojan.rules)
 2013804 - ET CURRENT_EVENTS Possible Redirection to Unknown Exploit Pack (current_events.rules)
 2013805 - ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate CN of common Possible SSL CnC (current_events.rules)
 2013806 - ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate with admin at common Possible SSL CnC (current_events.rules)

Pro sigs:
 2803916 - ETPRO TROJAN Likely Proxy Check Request (trojan.rules)
 2803917 - ETPRO TROJAN Win32/Rebhip.A CnC traffic (trojan.rules)
 2803918 - ETPRO TROJAN Win32/Nitol.B CnC traffic (trojan.rules)
 2803919 - ETPRO TROJAN TrojanProxy.Win32/Sefbov.E Checkin (trojan.rules)
 2803920 - ETPRO TROJAN Trojan.Heur.DP.2GW.aiZeT.pG Checkin (trojan.rules)
 2803921 - ETPRO TROJAN W32/Softonic.A.gen!Eldorado Checkin (trojan.rules)
 2803922 - ETPRO TROJAN Win32/Usteal.A Checkin (trojan.rules)
 2803923 - ETPRO TROJAN Troj/Bancos-BIO Checkin (trojan.rules)

In line with other IP check sigs, not always bad, but mostly.
 2803924 - ETPRO POLICY request to IP Geolocation Service (maxmind.com) (policy.rules)

 2803925 - ETPRO GAMES Vice City Multiplayer PC Game User-Agent (VCMP/0.3zr2) (games.rules)
 2803926 - ETPRO TROJAN Trojan.Autoit.AOI Checkin (trojan.rules)
 2803927 - ETPRO TROJAN Win32/fkfldwrm.A Checkin (trojan.rules)
 2803928 - ETPRO TROJAN Backdoor/Ruskill.ce Joining IRC Channel (trojan.rules)
 2803929 - ETPRO TROJAN Win32/Sulunch Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2013400 - ET POLICY Request to Suspicious Games at pcgame.gamedia.cn (policy.rules)
 2013439 - ET TROJAN Dirt Jumper/Russkill3 Checkin (trojan.rules)
 2013710 - ET TROJAN TrojWare.Win32.Trojan.Agent.Gen Reporting (trojan.rules)



[///]    Modified inactive rules:    [///]

Fast pattern human error fixes:
 2001620 - ET ATTACK_RESPONSE Likely Botnet Activity (attack_response.rules)
 2003208 - ET TROJAN IRC pBot PHP Bot Commands (trojan.rules)

----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------


