[Emerging-updates] Daily Ruleset Update Summary 8/8/2013

Matt Jonkman jonkman at emergingthreats.net
Thu Aug 8 19:11:43 HADT 2013


9 new Open rules today, and 32 (9/24) new Pro rules.

Enjoy!


 [+++]          Added rules:          [+++]

  2017296 - ET CURRENT_EVENTS Possible CritX/SafePack/FlashPack Jar
Download (current_events.rules)
  2017297 - ET CURRENT_EVENTS Possible CritX/SafePack/FlashPack Jar
Download (current_events.rules)
  2017298 - ET WEB_CLIENT Possible Firefox CVE-2013-1690 (web_client.rules)
  2017299 - ET CURRENT_EVENTS Redkit Jar Download Aug 07 2013
(current_events.rules)
  2017300 - ET CURRENT_EVENTS Rawin -TDS - POST w/Java Version
(current_events.rules)
  2017301 - ET CURRENT_EVENTS Fake Trojan Dropper purporting to be missing
application page landing (current_events.rules)
  2017302 - ET CURRENT_EVENTS Fake Trojan Dropper purporting to be missing
application - findloader (current_events.rules)
  2017303 - ET TROJAN ATTACKER IRCBot - PRIVMSG Response - Directory
Listing *nix (trojan.rules)
  2017305 - ET TROJAN Win32/Cridex Checkin (trojan.rules)


  2806781 - ETPRO TROJAN Worm.Win32.Luder.bzkd Checkin (trojan.rules)
  2806782 - ETPRO TROJAN Trojan/Win32.KorAd Checkin (trojan.rules)
  2806783 - ETPRO TROJAN Win32.Xtrat.A (CnC & Exe Source) (trojan.rules)
  2806784 - ETPRO TROJAN Backdoor.Win32.Bancodor.dy Checkin (trojan.rules)
  2806785 - ETPRO TROJAN Agent.AANC 1 (trojan.rules)
  2806786 - ETPRO TROJAN Agent.AANC 2 (trojan.rules)
  2806787 - ETPRO TROJAN Suspicious User-Agent (SEX/1) (trojan.rules)
  2806788 - ETPRO TROJAN Tool.InstallToolbar.96 (trojan.rules)
  2806789 - ETPRO TROJAN Livesearchnow browser hijack 1 (trojan.rules)
  2806790 - ETPRO TROJAN Livesearchnow browser hijack 2 (trojan.rules)
  2806791 - ETPRO TROJAN
Win32.Jorik.ServStart.vn<http://win32.jorik.servstart.vn/>
 (trojan.rules)
  2806792 - ETPRO TROJAN Win32.Spy Checkin 2 (trojan.rules)
  2806793 - ETPRO TROJAN Variant.Strictor.34593 (trojan.rules)
  2806794 - ETPRO TROJAN Win32.Swisyn.afsz (trojan.rules)
  2806795 - ETPRO TROJAN Win32.Htbot.B (trojan.rules)
  2806796 - ETPRO MALWARE Win32/DomaIQ Checkin (malware.rules)
  2806798 - ETPRO TROJAN securityxploded malware retrieval UA (trojan.rules)
  2806799 - ETPRO TROJAN securityxploded malware retrieval URI
(trojan.rules)
  2806800 - ETPRO TROJAN Rodecap CnC response 1 (trojan.rules)
  2806801 - ETPRO TROJAN Rodecap CnC response 2 (trojan.rules)
  2806802 - ETPRO TROJAN Rodecap CnC response 3 (trojan.rules)
  2806803 - ETPRO TROJAN Rodecap CnC response 4 (trojan.rules)
  2806804 - ETPRO TROJAN Rodecap CnC response 5 (trojan.rules)
  2806805 - ETPRO TROJAN Rodecap CnC response 6 (trojan.rules)


 [///]     Modified active rules:     [///]

  2017022 - ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17
2013 1 (current_events.rules)
  2017076 - ET CURRENT_EVENTS BlackHole EK Variant Payload Download
(current_events.rules)
  2017261 - ET TROJAN TrojanDownloader.Win32/Dofoil.U Trojan Checkin
(trojan.rules)

  2806309 - ETPRO TROJAN
Win32/Injector.Autoit.IN<http://injector.autoit.in/> Checkin
(trojan.rules)
  2806537 - ETPRO TROJAN Win32/Xolondox.A Checkin 3 (trojan.rules)


 [---]         Removed rules:         [---]

  2007926 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader
(cv_v5.0.0) (trojan.rules)
  2011524 - ET TROJAN Knok.php Shiz or Rohimafo Host Information Submission
to CnC Server (trojan.rules)
  2011792 - ET TROJAN Shiz/Rohimafo Proxy Registration (trojan.rules)
  2014800 - ET CURRENT_EVENTS Blackhole Landing Page getElementByID Qwe -
May 22nd 2012 (current_events.rules)
  2803509 - ETPRO TROJAN Win32/Dogrobot.D Checkin (trojan.rules)
  2806780 - ETPRO TROJAN TrojanDownloader.Banload.axdq Checkin
(trojan.rules)



-- 

----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20130809/1d59a308/attachment.html>


More information about the Emerging-updates mailing list