[Emerging-Sigs] Daily Ruleset Update Summary 12/17/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Dec 17 17:02:20 HAST 2012


 [***]          Summary:          [***]

 11 new Open rules.  14 new Pro rules (11/3).

 2016046 SofosFO second stage landing
 2016047 - 2016049 Prinimalka
 2016050 - 2016051 W32.Daws/Sanny
 2016052 - 2016056 Unknown EK possibly Kein?

 2805841 - 2805843 Daily Pro Malware/Trojan coverage.


 [+++]          Added rules:          [+++]

  Open:
  2016046 - ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page (2) (current_events.rules)
  2016047 - ET TROJAN W32/Prinimalka Get Task CnC Beacon (trojan.rules)
  2016048 - ET TROJAN W32/Prinimalka Configuration Update Request (trojan.rules)
  2016049 - ET TROJAN W32/Prinimalka Prinimalka.py Script In CnC Beacon (trojan.rules)
  2016050 - ET TROJAN W32.Daws/Sanny CnC Initial Beacon (trojan.rules)
  2016051 - ET TROJAN W32.Daws/Sanny CnC POST (trojan.rules)
  2016052 - ET CURRENT_EVENTS Unknown_gmf EK - Payload Download Requested (current_events.rules)
  2016053 - ET CURRENT_EVENTS Unknown_gmf EK - Payload Download Received (current_events.rules)
  2016054 - ET CURRENT_EVENTS Unknown_gmf EK - Server Response - Application Error (current_events.rules)
  2016055 - ET CURRENT_EVENTS Unknown_gmf EK - pdfx.html (current_events.rules)
  2016056 - ET CURRENT_EVENTS Unknown_gmf EK - flsh.html (current_events.rules)

  Pro:
  2805841 - ETPRO MOBILE_MALWARE AndroidOS/GGTracker.A Checkin (mobile_malware.rules)
  2805842 - ETPRO TROJAN Troj/Ransom-KS / Troj/Matsu-A Checkin (trojan.rules)
  2805843 - ETPRO MOBILE_MALWARE Android/TrojanSMS.FakeInst.U Checkin (mobile_malware.rules)

 [///]     Modified active rules:     [///]

  2015797 - ET CURRENT_EVENTS Blackhole 2 Landing Page (3) (current_events.rules)
  2015798 - ET CURRENT_EVENTS Blackhole 2 Landing Page (4) (current_events.rules)
  2016012 - ET CURRENT_EVENTS CritXPack PDF Request (2) (current_events.rules)
  2016019 - ET TROJAN Win32.boCheMan-A/Dexter (trojan.rules)
  2016033 - ET CURRENT_EVENTS Simple Slowloris Flooder (current_events.rules)

 [---]         Removed rules:         [---]

  2008143 - ET TROJAN Downloader Checkin Pattern Used by Several Trojans (trojan.rules)
  2804193 - ETPRO CURRENT_EVENTS HTTP Request to a *.de.ms Free Domain (current_events.rules)