[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Mon Mar 17 12:39:54 EST 2008


[***] Results from Oinkmaster started Mon Mar 17 13:39:54 2008 [***]

[+++]          Added rules:          [+++]

 2008006 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 (bleeding.rules)
 2008007 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 reply (bleeding.rules)
 2008008 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Checkin Replies (bleeding.rules)
 2008009 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Pong (bleeding.rules)
 2008010 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Ping (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (5):
        2008006 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1
        2008007 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 reply
        2008008 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Checkin Replies
        2008009 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Pong
        2008010 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Ping

     -> Added to bleeding-sid-msg.map.txt (5):
        2008006 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1
        2008007 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 reply
        2008008 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Checkin Replies
        2008009 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Pong
        2008010 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Ping

     -> Added to bleeding.rules (3):
        #by matt jonkman
        #holding here till the malware gets a name, so far unknown by AV other than heuristically bad
        #re sample 41c62970ea34413c4011b220724bf029


