[Emerging-updates] Daily Ruleset Update Summary 12/28/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Dec 28 12:52:15 HAST 2012


[***]          Summary:          [***]

21 new Open rules, 22 new Pro rules (21/1). 1 Moved from Pro to Open.

2016110 FakeAV installer name
2016111 - 2016112 Sweet Orange/pamdql updates.
2016113, 2016128 Redkit Updates
2016114 - 2016123 StillSecure Sigs.
2016124 - 2016127 FakeFlashPlayer Trojan activity
2016129 _gmf/Styx EOT Font download.
2016130 - 2016131 Stabuniq C2

2805858 Android/Adware.Wooboo.A

[+++]          Added rules:          [+++]

  Open:
  2016110 - ET TROJAN FakeAV Download antivirus-installer.exe (trojan.rules)
  2016111 - ET CURRENT_EVENTS Sweet Orange Java payload request (1) (current_events.rules)
  2016112 - ET CURRENT_EVENTS Sweet Orange Java obfuscated binary (1) (current_events.rules)
  2016113 - ET CURRENT_EVENTS Redkit encrypted binary (1) (current_events.rules)
  2016114 - ET WEB_SPECIFIC_APPS gpEasy CMS section parameter XSS Attempt (web_specific_apps.rules)
  2016115 - ET WEB_SPECIFIC_APPS gpEasy CMS index.php file XSS Attempt (web_specific_apps.rules)
  2016116 - ET WEB_SPECIFIC_APPS gpEasy CMS key parameter XSS Attempt (web_specific_apps.rules)
  2016117 - ET WEB_SPECIFIC_APPS WordPress Mailing List plugin wpabspath parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  2016118 - ET ACTIVEX Possible Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Attempt (activex.rules)
  2016119 - ET WEB_SPECIFIC_APPS Symantec Messaging Gateway 9.5.3-3 - Arbitrary file download 2 (web_specific_apps.rules)
  2016120 - ET WEB_SPECIFIC_APPS Wiki Web Help configpath parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  2016121 - ET WEB_SPECIFIC_APPS WordPress Relocate Upload plugin abspath parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  2016122 - ET WEB_SPECIFIC_APPS LogAnalyzer asktheoracle.php file XSS Attempt (web_specific_apps.rules)
  2016123 - ET WEB_SPECIFIC_APPS Wordpress Myflash path parameter Local File Inclusion Attempt (web_specific_apps.rules)
  2016124 - ET TROJAN W32/Downloader.FakeFlashPlayer Clientregister.php CnC Beacon (trojan.rules)
  2016125 - ET TROJAN W32/Downloader.FakeFlashPlayer Status.Php CnC Beacon (trojan.rules)
  2016126 - ET TROJAN W32/Downloader.FakeFlashPlayer Bitensiteler CnC Beacon (trojan.rules)
  2016127 - ET TROJAN W32/Downloader.FakeFlashPlayer Kelimeid CnC Beacon (trojan.rules)
  2016128 - ET CURRENT_EVENTS RedKit - Landing Page (current_events.rules)
  2016129 - ET CURRENT_EVENTS Unknown_gmf/Styx EK - fnts.html (current_events.rules)
  2016130 - ET TROJAN Stabuniq C&C Communication (trojan.rules)
  2016131 - ET TROJAN Stabuniq Observed C&C POST Target /rss.php (trojan.rules)

  Pro:
  2805858 - ETPRO MOBILE_MALWARE Android/Adware.Wooboo.A Checkin (mobile_malware.rules)


 [---]         Removed rules:         [---]

  2805758 - ETPRO WEB_SPECIFIC_APPS Symantec Messaging Gateway 9.5.3-3 - Arbitrary file download 2 (web_specific_apps.rules)