[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Sat Mar 22 16:01:59 EST 2008


[***] Results from Oinkmaster started Sat Mar 22 17:01:59 2008 [***]

[---]         Removed rules:         [---]

 2008006 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 (bleeding.rules)
 2008007 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 reply (bleeding.rules)
 2008008 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Checkin Replies (bleeding.rules)
 2008009 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Pong (bleeding.rules)
 2008010 - ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Ping (bleeding.rules)


[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (5):
        2008006 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1
        2008007 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 reply
        2008008 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Checkin Replies
        2008009 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Pong
        2008010 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Ping

     -> Removed from bleeding-sid-msg.map.txt (5):
        2008006 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1
        2008007 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Packet 1 reply
        2008008 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Checkin Replies
        2008009 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Pong
        2008010 || ET CURRENT_EVENTS Unknown Trojan CnC Channel Keepalive Ping

     -> Removed from bleeding.rules (3):
        #by matt jonkman
        #holding here till the malware gets a name, so far unknown by AV other than heuristically bad
        #re sample 41c62970ea34413c4011b220724bf029


