[Emerging-updates] Daily Ruleset Update Summary 08/12/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Aug 12 20:57:32 HADT 2013


[***]          Summary:          [***]

8 new Open rules. 17 new Pro rules (8/9). Suspicious IRC traffic, FlimKit,
BHEK, a bunch of category changes, etc.

 [+++]          Added rules:          [+++]

  Open:
  2017318 - ET CURRENT_EVENTS SUSPICIOUS IRC - PRIVMSG *.(exe|tar|tgz|zip) download command (current_events.rules)
  2017319 - ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and 3 Letter Country Code (current_events.rules)
  2017321 - ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Possible Windows XP/7 (current_events.rules)
  2017322 - ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Win (current_events.rules)
  2017323 - ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and -PC (current_events.rules)
  2017324 - ET CURRENT_EVENTS FlimKit obfuscated hex-encoded jnlp_embedded Aug 08 2013 (current_events.rules)
  2017325 - ET TROJAN Yayih.A Checkin 2 (trojan.rules)
  2017326 - ET TROJAN Yayih.A Checkin 3 (trojan.rules)

  Pro:
  2806807 - ETPRO TROJAN AndroidOS/GingerMaster.A (trojan.rules)
  2806808 - ETPRO TROJAN AndroidOS/GingerMaster.B (trojan.rules)
  2806809 - ETPRO TROJAN Win32/Agent.URS Checkin (trojan.rules)
  2806810 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.iucz Checkin (trojan.rules)
  2806811 - ETPRO TROJAN Trojan.Generic.9379252 Checkin (trojan.rules)
  2806812 - ETPRO MOBILE_MALWARE Android/SMSstealer.A!tr Checkin (mobile_malware.rules)
  2806813 - ETPRO TROJAN Win32/Surldoe.gen!A Checkin (trojan.rules)
  2806814 - ETPRO TROJAN Backdoor.Win32.Agent.ju Checkin (trojan.rules)
  2806815 - ETPRO TROJAN Backdoor.Win32.Beastdoor.j Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2017181 - ET CURRENT_EVENTS Sibhost/FlimKit/Glazunov Jar with lowercase class names (current_events.rules)
  2017265 - ET CURRENT_EVENTS BlackHole EK Non-standard base64 Key (current_events.rules)
  2803766 - ETPRO CURRENT_EVENTS Possible Hiloti DNS Checkin Message cmd_exe (current_events.rules)
  2805912 - ETPRO POLICY Socks version 5 NO AUTHENTICATION REQUIRED (policy.rules)
  2805913 - ETPRO POLICY Socks version 5 CONNECT Address type IPv4 (policy.rules)


 [---]  Disabled and modified rules:  [---]

  2002865 - ET WEB_SERVER Novell GroupWise Messenger Accept Language Buffer Overflow (web_server.rules)


 [---]         Disabled rules:        [---]

  2800571 - ETPRO DOS ISC DHCP Server Zero Length Client ID Denial of Service (dos.rules)


 [---]         Moved rules:         [---]

  Old:
  2000355 - ET POLICY IRC authorization message (policy.rules)
  2001595 - ET POLICY Skype VOIP Checking Version (Startup) (policy.rules)
  2001801 - ET POLICY ICQ Status Invisible (policy.rules)
  2001802 - ET POLICY ICQ Status Change (1) (policy.rules)
  2001803 - ET POLICY ICQ Status Change (2) (policy.rules)
  2001804 - ET POLICY ICQ Login (policy.rules)
  2001805 - ET POLICY ICQ Message (policy.rules)
  2002157 - ET POLICY Skype User-Agent detected (policy.rules)
  2002950 - ET POLICY TOR 1.0 Server Key Retrieval (policy.rules)
  2002951 - ET POLICY TOR 1.0 Status Update (policy.rules)
  2002952 - ET POLICY TOR 1.0 Inbound Circuit Traffic (policy.rules)
  2002953 - ET POLICY TOR 1.0 Outbound Circuit Traffic (policy.rules)
  2002979 - ET POLICY SC-KeyLog Keylogger Installed - Sending Initial Email Report (policy.rules)
  2003022 - ET POLICY Skype Bootstrap Node (udp) (policy.rules)
  2007746 - ET POLICY Gold VIP Club Casino Client in Use (policy.rules)
  2008113 - ET POLICY Tor Get Server Request (policy.rules)
  2008115 - ET POLICY Tor Get Status Request (policy.rules)
  2008295 - ET POLICY Gadu-Gadu IM Login Server Request (policy.rules)
  2008348 - ET POLICY SC-KeyLog Keylogger Installed - Sending Log Email Report (policy.rules)
  2011311 - ET POLICY request for hide-my-ip.com autoupdate (policy.rules)
  2011312 - ET POLICY hide-my-ip.com POST version check (policy.rules)
  2014734 - ET POLICY BitTorrent - Torrent File Downloaded (policy.rules)

  New:
  2000355 - ET CHAT IRC authorization message (chat.rules)
  2001595 - ET CHAT Skype VOIP Checking Version (Startup) (chat.rules)
  2001801 - ET CHAT ICQ Status Invisible (chat.rules)
  2001802 - ET CHAT ICQ Status Change (1) (chat.rules)
  2001803 - ET CHAT ICQ Status Change (2) (chat.rules)
  2001804 - ET CHAT ICQ Login (chat.rules)
  2001805 - ET CHAT ICQ Message (chat.rules)
  2002157 - ET CHAT Skype User-Agent detected (chat.rules)
  2002950 - ET P2P TOR 1.0 Server Key Retrieval (p2p.rules)
  2002951 - ET P2P TOR 1.0 Status Update (p2p.rules)
  2002952 - ET P2P TOR 1.0 Inbound Circuit Traffic (p2p.rules)
  2002953 - ET P2P TOR 1.0 Outbound Circuit Traffic (p2p.rules)
  2002979 - ET TROJAN SC-KeyLog Keylogger Installed - Sending Initial Email Report (trojan.rules)
  2003022 - ET CHAT Skype Bootstrap Node (udp) (chat.rules)
  2007746 - ET GAMES Gold VIP Club Casino Client in Use (games.rules)
  2008113 - ET P2P Tor Get Server Request (p2p.rules)
  2008115 - ET P2P Tor Get Status Request (p2p.rules)
  2008295 - ET CHAT Gadu-Gadu IM Login Server Request (chat.rules)
  2008348 - ET TROJAN SC-KeyLog Keylogger Installed - Sending Log Email Report (trojan.rules)
  2011311 - ET CURRENT_EVENTS request for hide-my-ip.com autoupdate (current_events.rules)
  2011312 - ET CURRENT_EVENTS hide-my-ip.com POST version check (current_events.rules)
  2014734 - ET P2P BitTorrent - Torrent File Downloaded (p2p.rules)

[---]         Removed rules:         [---]

  2017164 - ET CURRENT_EVENTS BlackHole EK Non-standard base64 Key
(current_events.rules)
  2806795 - ETPRO TROJAN Win32.Htbot.B (trojan.rules)