[Emerging-updates] Daily Ruleset Update Summary 10/2/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Thu Feb 10 14:52:14 EST 2011


This is just an incremental update; we wanted to get the Night Dragon sigs out ASAP. We may have another tarball yet this afternoon depending on how other research underway shapes up.

[+++]          Added rules:          [+++]

 2012303 - ET TROJAN Night Dragon CnC Beacon Outbound (trojan.rules)
 2012304 - ET TROJAN Night Dragon CnC Beacon Inbound (trojan.rules)
 2012305 - ET TROJAN Night Dragon CnC Traffic Inbound 2 (trojan.rules)
 2012306 - ET TROJAN Night Dragon CnC Traffic Outbound 2 (trojan.rules)


We also moved a number of chat rules from policy to the chat ruleset for organizational reasons. No changes to the rules themselves. 

Please report your experiences on the Night Dragon rules. They fared well in FP testing, but real world is always the true test!

More on the incident itself here:
http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf

http://blogs.mcafee.com/corporate/cto/global-energy-industry-hit-in-night-dragon-attacks

http://www.networkworld.com/news/2011/021011-night-dragon-attacks-from-china.html?page=2

Matt



----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




