[Emerging-updates] Daily Ruleset Update Summary 4/23/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Apr 23 20:52:31 EDT 2012


3 new Open rules, 6 new Pro rules. A bunch of fixes and tweaks. Clean-up of
old PCRE-only rules moved to DELETED.  Enjoy!

 [+++]          Added rules:          [+++]

 Open:
 2014631 - ET CURRENT_EVENTS FakeAV Security Shield payment page request
(current_events.rules)
 2014632 - ET TROJAN FireEye.STX RAT Checkin (trojan.rules)
 2014633 - ET WEB_SPECIFIC_APPS phpMyAdmin setup.php Remote File inclusion
Attempt (web_specific_apps.rules)

 Pro:
 2804841 - ETPRO TROJAN Win32/Opachki.F Checkin (trojan.rules)
 2804842 - ETPRO TROJAN Trojan-FakeAV.Win32.SmartFortress2012.lw Checkin
(trojan.rules)
 2804843 - ETPRO POLICY Online Casino King Jackpot User-Agent
(DownloadForcer) (policy.rules)
 2804844 - ETPRO TROJAN Trojan.Downloader.Agent-1187 Checkin (trojan.rules)
 2804845 - ETPRO TROJAN Trojan.Win32.Vilsel Checkin (trojan.rules)
 2804846 - ETPRO TROJAN Win32/Ponfoy.A Checkin (trojan.rules)


 [+++]         Enabled rules:         [+++]

 2804466 - ETPRO POLICY Direct Support for Applications Remote control
session (policy.rules)


 [///]     Modified active rules:     [///]

 2002158 - ET WEB_SERVER XML-RPC for PHP Remote Code Injection
(web_server.rules)
 2007616 - ET USER_AGENTS klm123.com Spyware User Agent (user_agents.rules)
 2007683 - ET TROJAN E-Jihad 3.0 HTTP Activity 1 (trojan.rules)
 2007684 - ET TROJAN E-Jihad 3.0 HTTP Activity 2 (trojan.rules)
 2007685 - ET TROJAN E-Jihad 3.0 HTTP Activity 3 (trojan.rules)
 2008073 - ET TROJAN Suspicious User-Agent (App4) (trojan.rules)
 2008317 - ET TROJAN Hitpop.AG/Pophot.az HTTP Checkin (trojan.rules)
 2008664 - ET TROJAN Generic Dropper HTTP Bot grabbing config (trojan.rules)
 2008942 - ET POLICY Dlink Soho Router Config Page Access Attempt
(policy.rules)
 2009533 - ET TROJAN Keylogger Pro Update Check (trojan.rules)
 2010157 - ET POLICY Suspicious User-Agent (XXX) Often Sony Update Related
(policy.rules)
 2010337 - ET TROJAN FakeAV Reporting - POST often to
resolution|borders.php (trojan.rules)
 2010699 - ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web
Server Login Remote Buffer Overflow Attempt (web_specific_apps.rules)
 2010885 - ET TROJAN BlackEnergy v2.x HTTP Request with Encrypted Variables
(trojan.rules)
 2012139 - ET TROJAN Storm/Waledac 3.0 Checkin 2 (trojan.rules)
 2013337 - ET TROJAN PoisonIvy.E Keepalive to CnC (trojan.rules)
 2013416 - ET SCAN libwww-perl GET to // with specific HTTP header ordering
without libwww-perl User-Agent (scan.rules)
 2013419 - ET TROJAN FakeAV FakeAlert.Rena or similar Checkin Flowbit Set 2
(trojan.rules)
 2013805 - ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate CN of
common Possible SSL CnC (current_events.rules)
 2013806 - ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate with
admin at common Possible SSL CnC (current_events.rules)

 Pro:
 2803509 - ETPRO TROJAN Win32/Dogrobot.D Checkin (trojan.rules)
 2804769 - ETPRO TROJAN OSX/Flashback CnC Domain Lookup 4-23-2012
(trojan.rules)
 2804770 - ETPRO TROJAN OSX/Flashback HTTP Request to CnC Domain 4-23-2012
(trojan.rules)
 2804771 - ETPRO TROJAN OSX/Flashback CnC Domain Lookup 4-24-2012
(trojan.rules)
 2804772 - ETPRO TROJAN OSX/Flashback HTTP Request to CnC Domain 4-24-2012
(trojan.rules)
 2804773 - ETPRO TROJAN OSX/Flashback CnC Domain Lookup 4-25-2012
(trojan.rules)
 2804774 - ETPRO TROJAN OSX/Flashback HTTP Request to CnC Domain 4-25-2012
(trojan.rules)
 2804775 - ETPRO TROJAN OSX/Flashback CnC Domain Lookup 4-26-2012
(trojan.rules)
 2804776 - ETPRO TROJAN OSX/Flashback HTTP Request to CnC Domain 4-26-2012
(trojan.rules)
 2804777 - ETPRO TROJAN OSX/Flashback CnC Domain Lookup 4-27-2012
(trojan.rules)
 2804778 - ETPRO TROJAN OSX/Flashback HTTP Request to CnC Domain 4-27-2012
(trojan.rules)


 [---]         Disabled rules:        [---]

 2008139 - ET TROJAN RhiFrem Trojan Activity - cmd (trojan.rules)
 2008140 - ET TROJAN RhiFrem Trojan Activity - log (trojan.rules)


 [---]         Removed rules:         [---]

 2001446 - ET MALWARE PeopleOnPage Ping (malware.rules)
 2002410 - ET POLICY SMTP Non-US Restricted Outbound (policy.rules)
 2002411 - ET POLICY SMTP Non-US Confidential Outbound (policy.rules)
 2002412 - ET POLICY SMTP Non-US Top Secret Outbound (policy.rules)
 2002413 - ET POLICY SMTP Non-US Secret (policy.rules)
 2002414 - ET POLICY SMTP NATO Restricted (policy.rules)
 2002415 - ET POLICY SMTP NATO Confidential Atomal (policy.rules)
 2002416 - ET POLICY SMTP NATO Confidential (policy.rules)
 2002417 - ET POLICY SMTP NATO COSMIC Top Secret Atomal (policy.rules)
 2002418 - ET POLICY SMTP NATO Secret Atomal (policy.rules)
 2002419 - ET POLICY SMTP NATO Secret (policy.rules)
 2002420 - ET POLICY SMTP US Confidential, Electronic (policy.rules)
 2002421 - ET POLICY SMTP US Top Secret, Electronic (policy.rules)
 2002422 - ET POLICY SMTP US Secret, Electronic (policy.rules)
 2002423 - ET POLICY SMTP US Confidential REL TO (policy.rules)
 2002424 - ET POLICY SMTP US Top Secret REL TO (policy.rules)
 2002429 - ET POLICY SMTP US Unclassified COMSEC (policy.rules)
 2002430 - ET POLICY SMTP US Confidential COMSEC (policy.rules)
 2002431 - ET POLICY SMTP US Top Secret COMSEC (policy.rules)
 2002434 - ET POLICY SMTP US Top Secret CNWDI (policy.rules)
 2002436 - ET POLICY SMTP US Top Secret TK (policy.rules)
 2002438 - ET POLICY SMTP US FGI (policy.rules)
 2002439 - ET POLICY SMTP US FOUO (policy.rules)
 2002440 - ET POLICY SMTP US Confidential NOFORN (policy.rules)
 2002441 - ET POLICY SMTP US Top Secret NOFORN (policy.rules)
 2002443 - ET POLICY SMTP US Confidential ORCON (policy.rules)
 2002444 - ET POLICY SMTP US Top Secret ORCON (policy.rules)
 2002446 - ET POLICY SMTP US Unclassified PROPIN (policy.rules)
 2002447 - ET POLICY SMTP US Confidential PROPIN (policy.rules)
 2002448 - ET POLICY SMTP US Top Secret PROPIN (policy.rules)
 2002450 - ET POLICY SMTP US Confidential RD (policy.rules)
 2002451 - ET POLICY SMTP US Top Secret RD (policy.rules)
 2002453 - ET POLICY SMTP US SAMI (policy.rules)
 2002454 - ET POLICY SMTP US Confidential SPECAT (policy.rules)
 2002455 - ET POLICY SMTP US Top Secret SPECAT (policy.rules)
 2002457 - ET POLICY SMTP US Top Secret STOP (policy.rules)
 2002458 - ET POLICY SMTP Private (policy.rules)
 2002459 - ET POLICY SMTP Restricted (policy.rules)
 2002462 - ET POLICY SMTP Top Secret (policy.rules)
 2002463 - ET POLICY SMTP Sealed (policy.rules)
 2002464 - ET POLICY SMTP Sensitive (policy.rules)
 2002465 - ET POLICY SMTP Proprietary (policy.rules)
 2002466 - ET POLICY SMTP Protected (policy.rules)
 2002467 - ET POLICY SMTP Law Enorcement Sensitive (policy.rules)
 2002468 - ET POLICY SMTP Internal Use Only (policy.rules)
 2002469 - ET POLICY SMTP Date of Birth (policy.rules)
 2002470 - ET POLICY SMTP HCPCS Code (policy.rules)
 2002471 - ET POLICY SMTP ICD-10 Code (policy.rules)
 2002472 - ET POLICY SMTP FDA NDC Code (policy.rules)
 2002473 - ET POLICY SMTP ADA Procedure Code (policy.rules)
 2002474 - ET POLICY SMTP DSM-IV Code (policy.rules)
 2002475 - ET POLICY SMTP AMA CPT Code (policy.rules)
 2002477 - ET POLICY SMTP Credit Card, JCB (policy.rules)
 2002483 - ET POLICY SMTP Password (policy.rules)
 2002484 - ET POLICY SMTP Appraisal (policy.rules)
 2002485 - ET POLICY SMTP Account Balance (policy.rules)
 2002486 - ET POLICY SMTP Payment History (policy.rules)
 2002487 - ET POLICY SMTP Annual Income (policy.rules)
 2002488 - ET POLICY SMTP Credit History (policy.rules)
 2002489 - ET POLICY SMTP Transaction History (policy.rules)
 2002490 - ET POLICY SMTP Customer List (policy.rules)
 2002495 - ET POLICY HTTP Non-US Restricted (policy.rules)
 2002496 - ET POLICY HTTP - Non-US Confidential (policy.rules)
 2002497 - ET POLICY HTTP - Non-US Top Secret (policy.rules)
 2002498 - ET POLICY HTTP - Non-US Secret (policy.rules)
 2002499 - ET POLICY HTTP - NATO Restricted (policy.rules)
 2002500 - ET POLICY HTTP - NATO Confidential Atomal (policy.rules)
 2002501 - ET POLICY HTTP - NATO Confidential (policy.rules)
 2002502 - ET POLICY HTTP - NATO COSMIC Top Secret Atomal (policy.rules)
 2002503 - ET POLICY HTTP - NATO Secret Atomal (policy.rules)
 2002504 - ET POLICY HTTP - NATO Secret (policy.rules)
 2002505 - ET POLICY HTTP - US Confidential, Electronic (policy.rules)
 2002506 - ET POLICY HTTP - US Top Secret, Electronic (policy.rules)
 2002507 - ET POLICY HTTP - US Secret, Electronic (policy.rules)
 2002508 - ET POLICY HTTP - US Confidential REL TO (policy.rules)
 2002509 - ET POLICY HTTP - US Top Secret REL TO (policy.rules)
 2002514 - ET POLICY HTTP - US Unclassified COMSEC (policy.rules)
 2002515 - ET POLICY HTTP - US Confidential COMSEC (policy.rules)
 2002516 - ET POLICY HTTP - US Top Secret COMSEC (policy.rules)
 2002519 - ET POLICY HTTP - US Top Secret CNWDI (policy.rules)
 2002521 - ET POLICY HTTP - US Top Secret TK (policy.rules)
 2002523 - ET POLICY HTTP - US FGI (policy.rules)
 2002524 - ET POLICY HTTP - US FOUO (policy.rules)
 2002525 - ET POLICY HTTP - US Confidential NOFORN (policy.rules)
 2002526 - ET POLICY HTTP - US Top Secret NOFORN (policy.rules)
 2002528 - ET POLICY HTTP - US Top Secret ORCON (policy.rules)
 2002530 - ET POLICY HTTP - US Unclassified PROPIN (policy.rules)
 2002531 - ET POLICY HTTP - US Confidential PROPIN (policy.rules)
 2002532 - ET POLICY HTTP - US Top Secret PROPIN (policy.rules)
 2002534 - ET POLICY HTTP - US Confidential RD (policy.rules)
 2002535 - ET POLICY HTTP - US Top Secret RD (policy.rules)
 2002537 - ET POLICY HTTP - US SAMI (policy.rules)
 2002538 - ET POLICY HTTP - US Confidential SPECAT (policy.rules)
 2002539 - ET POLICY HTTP - US Top Secret SPECAT (policy.rules)
 2002541 - ET POLICY HTTP - US Top Secret STOP (policy.rules)
 2002542 - ET POLICY HTTP - Private (policy.rules)
 2002543 - ET POLICY HTTP - Restricted (policy.rules)
 2002544 - ET POLICY HTTP - Confidential (policy.rules)
 2002546 - ET POLICY HTTP - Top Secret (policy.rules)
 2002547 - ET POLICY HTTP - Sealed (policy.rules)
 2002548 - ET POLICY HTTP - Sensitive (policy.rules)
 2002549 - ET POLICY HTTP - Proprietary (policy.rules)
 2002550 - ET POLICY HTTP - Protected (policy.rules)
 2002551 - ET POLICY HTTP - Law Enorcement Sensitive (policy.rules)
 2002552 - ET POLICY HTTP - Internal Use Only (policy.rules)
 2002553 - ET POLICY HTTP - Date of Birth (policy.rules)
 2002554 - ET POLICY HTTP - HCPCS Code (policy.rules)
 2002555 - ET POLICY HTTP - ICD-10 Code (policy.rules)
 2002556 - ET POLICY HTTP - FDA NDC Code (policy.rules)
 2002557 - ET POLICY HTTP - ADA Procedure Code (policy.rules)
 2002558 - ET POLICY HTTP - DSM-IV Code (policy.rules)
 2002559 - ET POLICY HTTP - AMA CPT Code (policy.rules)
 2002561 - ET POLICY HTTP - Credit Card, JCB (policy.rules)
 2002567 - ET POLICY HTTP - Password (policy.rules)
 2002568 - ET POLICY HTTP - Appraisal (policy.rules)
 2002569 - ET POLICY HTTP - Account Balance (policy.rules)
 2002570 - ET POLICY HTTP - Payment History (policy.rules)
 2002571 - ET POLICY HTTP - Annual Income (policy.rules)
 2002572 - ET POLICY HTTP - Credit History (policy.rules)
 2002573 - ET POLICY HTTP - Transaction History (policy.rules)
 2002574 - ET POLICY HTTP - Customer List (policy.rules)
 2002575 - ET POLICY High Ports - Non-US Restricted (policy.rules)
 2002576 - ET POLICY High Ports - Non-US Confidential (policy.rules)
 2002577 - ET POLICY High Ports - Non-US Top Secret (policy.rules)
 2002578 - ET POLICY High Ports - Non-US Secret (policy.rules)
 2002579 - ET POLICY High Ports - NATO Restricted (policy.rules)
 2002580 - ET POLICY High Ports - NATO Confidential Atomal (policy.rules)
 2002581 - ET POLICY High Ports - NATO Confidential (policy.rules)
 2002582 - ET POLICY High Ports - NATO COSMIC Top Secret Atomal
(policy.rules)
 2002583 - ET POLICY High Ports - NATO Secret Atomal (policy.rules)
 2002584 - ET POLICY High Ports - NATO Secret (policy.rules)
 2002585 - ET POLICY High Ports - US Confidential, Electronic (policy.rules)
 2002586 - ET POLICY High Ports - US Top Secret, Electronic (policy.rules)
 2002587 - ET POLICY High Ports - US Secret, Electronic (policy.rules)
 2002588 - ET POLICY High Ports - US Confidential REL TO (policy.rules)
 2002589 - ET POLICY High Ports - US Top Secret REL TO (policy.rules)
 2002594 - ET POLICY High Ports - US Unclassified COMSEC (policy.rules)
 2002595 - ET POLICY High Ports - US Confidential COMSEC (policy.rules)
 2002596 - ET POLICY High Ports - US Top Secret COMSEC (policy.rules)
 2002599 - ET POLICY High Ports - US Top Secret CNWDI (policy.rules)
 2002601 - ET POLICY High Ports - US Top Secret TK (policy.rules)
 2002603 - ET POLICY High Ports - US FGI (policy.rules)
 2002604 - ET POLICY High Ports - US FOUO (policy.rules)
 2002605 - ET POLICY High Ports - US Confidential NOFORN (policy.rules)
 2002606 - ET POLICY High Ports - US Top Secret NOFORN (policy.rules)
 2002608 - ET POLICY High Ports - US Confidential ORCON (policy.rules)
 2002609 - ET POLICY High Ports - US Top Secret ORCON (policy.rules)
 2002611 - ET POLICY High Ports - US Unclassified PROPIN (policy.rules)
 2002612 - ET POLICY High Ports - US Confidential PROPIN (policy.rules)
 2002613 - ET POLICY High Ports - US Top Secret PROPIN (policy.rules)
 2002615 - ET POLICY High Ports - US Confidential RD (policy.rules)
 2002616 - ET POLICY High Ports - US Top Secret RD (policy.rules)
 2002618 - ET POLICY High Ports - US SAMI (policy.rules)
 2002619 - ET POLICY High Ports - US Confidential SPECAT (policy.rules)
 2002620 - ET POLICY High Ports - US Top Secret SPECAT (policy.rules)
 2002622 - ET POLICY High Ports - US Top Secret STOP (policy.rules)
 2002623 - ET POLICY High Ports - Private (policy.rules)
 2002624 - ET POLICY High Ports - Restricted (policy.rules)
 2002625 - ET POLICY High Ports - Confidential (policy.rules)
 2002627 - ET POLICY High Ports - Top Secret (policy.rules)
 2002628 - ET POLICY High Ports - Sealed (policy.rules)
 2002629 - ET POLICY High Ports - Sensitive (policy.rules)
 2002630 - ET POLICY High Ports - Proprietary (policy.rules)
 2002631 - ET POLICY High Ports - Protected (policy.rules)
 2002632 - ET POLICY High Ports - Law Enorcement Sensitive (policy.rules)
 2002633 - ET POLICY High Ports - Internal Use Only (policy.rules)
 2002634 - ET POLICY High Ports - Date of Birth (policy.rules)
 2002635 - ET POLICY High Ports - HCPCS Code (policy.rules)
 2002636 - ET POLICY High Ports - ICD-10 Code (policy.rules)
 2002637 - ET POLICY High Ports - FDA NDC Code (policy.rules)
 2002638 - ET POLICY High Ports - ADA Procedure Code (policy.rules)
 2002639 - ET POLICY High Ports - DSM-IV Code (policy.rules)
 2002640 - ET POLICY High Ports - AMA CPT Code (policy.rules)
 2002642 - ET POLICY High Ports - Credit Card, JCB (policy.rules)
 2002648 - ET POLICY High Ports - Password (policy.rules)
 2002649 - ET POLICY High Ports - Appraisal (policy.rules)
 2002650 - ET POLICY High Ports - Account Balance (policy.rules)
 2002651 - ET POLICY High Ports - Payment History (policy.rules)
 2002652 - ET POLICY High Ports - Annual Income (policy.rules)
 2002653 - ET POLICY High Ports - Credit History (policy.rules)
 2002654 - ET POLICY High Ports - Transaction History (policy.rules)
 2002655 - ET POLICY High Ports - Customer List (policy.rules)
 2002704 - ET POLICY HTTP - US Confidential ORCON (policy.rules)
 2002856 - ET MALWARE Suspicious POST to ROBOTS.TXT (malware.rules)
 2010952 - ET POLICY facebook activity (policy.rules)
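A check a practitioner may want after pulling this update, as an added example that is not part of the original post or of Emerging Threats' own tooling: parse the summary's section headers and SIDs, parse a local Suricata/Snort-style rules file (a line commented out with `#` is a disabled rule), and report every SID whose local state disagrees with what the summary says happened (added, enabled and modified rules should be present and active; disabled rules present but commented out; removed rules gone). The summary excerpt reproduces entries from above; the rules file content is constructed for illustration and its rule options are made up, only the msg and sid values mirror the summary.

```python
import re
from typing import Dict, List, Set, Tuple

# Excerpt of the update summary above (same layout, a handful of entries).
SUMMARY = """\
 [+++]          Added rules:          [+++]

 Open:
  2014631 - ET CURRENT_EVENTS FakeAV Security Shield payment page request
(current_events.rules)
 2014633 - ET WEB_SPECIFIC_APPS phpMyAdmin setup.php Remote File inclusion
Attempt (web_specific_apps.rules)

 [---]         Disabled rules:        [---]

 2008139 - ET TROJAN RhiFrem Trojan Activity - cmd (trojan.rules)

 [---]         Removed rules:         [---]

 2002856 - ET MALWARE Suspicious POST to ROBOTS.TXT (malware.rules)
"""

# Constructed local ruleset (rule bodies are made up; only msg/sid are real).
# 2014633 never landed, and 2002856 is still active: both should be flagged.
LOCAL_RULES = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS FakeAV Security Shield payment page request"; flow:established,to_server; sid:2014631; rev:1;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN RhiFrem Trojan Activity - cmd"; sid:2008139; rev:3;)
alert tcp any any -> any 25 (msg:"ET MALWARE Suspicious POST to ROBOTS.TXT"; sid:2002856; rev:2;)
"""

# " [+++]   Added rules:   [+++]" style section headers used by the summary.
SECTION_RE = re.compile(r"^\s*\[[+/-]{3}\]\s+(?P<name>[A-Za-z ]+?):\s+\[[+/-]{3}\]\s*$")
# " 2014631 - ET ..." entry lines; continuation lines have no leading SID.
ENTRY_RE = re.compile(r"^\s*(?P<sid>\d{7})\s+-\s+")
# sid option inside a rule line.
SID_RE = re.compile(r"\bsid\s*:\s*(?P<sid>\d+)\s*;")

# What the local ruleset should look like for each section after the update.
EXPECTATION = {
    "Added rules": "enabled",
    "Enabled rules": "enabled",
    "Modified active rules": "enabled",
    "Disabled rules": "disabled",
    "Removed rules": "absent",
}


def parse_summary(text: str) -> Dict[str, Set[int]]:
    """Map each section name in the summary to the set of SIDs listed under it."""
    sections: Dict[str, Set[int]] = {}
    current = None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, set())
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].add(int(entry.group("sid")))
    return sections


def parse_rules(text: str) -> Dict[int, bool]:
    """Map SID -> enabled for every rule line; a leading '#' means disabled."""
    state: Dict[int, bool] = {}
    for line in text.splitlines():
        stripped = line.strip()
        match = SID_RE.search(stripped)
        if not match:
            continue
        state[int(match.group("sid"))] = not stripped.startswith("#")
    return state


def local_state(sid: int, rules: Dict[int, bool]) -> str:
    if sid not in rules:
        return "absent"
    return "enabled" if rules[sid] else "disabled"


def check_update(summary_text: str, rules_text: str) -> List[Tuple[int, str, str, str]]:
    """Return (sid, section, expected, actual) for every SID whose local state
    does not match what the summary section implies."""
    sections = parse_summary(summary_text)
    rules = parse_rules(rules_text)
    mismatches: List[Tuple[int, str, str, str]] = []
    for section, sids in sections.items():
        expected = EXPECTATION.get(section)
        if expected is None:
            continue
        for sid in sorted(sids):
            actual = local_state(sid, rules)
            if actual != expected:
                mismatches.append((sid, section, expected, actual))
    return mismatches


if __name__ == "__main__":
    for sid, section, expected, actual in check_update(SUMMARY, LOCAL_RULES):
        print(f"sid {sid} ({section}): expected {expected}, found {actual}")
```

Run it against the full text of a summary and a concatenation of the local `*.rules` files; a nonempty result means the update did not apply cleanly or a local override (for example a disable list) is fighting it, and a removed SID that is still enabled is the case most worth chasing, since it keeps firing on traffic the ruleset maintainers no longer stand behind.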