[Emerging-updates] Daily Ruleset Update Summary 08/21/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Aug 21 14:42:06 HADT 2013


[***]          Summary:          [***]

16 new Open rules. 23 new Pro rules (16/7). PoisonIvy, Coldfusion, BHEK,
FlimKit, etc. Tks to Robinson Delaugerre!, Christopher Granger, etc.

[+++]          Added rules:          [+++]

  Open:
  2017350 - ET TROJAN PoisonIvy.admin at 388 Keepalive to CnC (trojan.rules)
  2017351 - ET TROJAN PoisonIvy.th3bug Keepalive to CnC (trojan.rules)
  2017352 - ET TROJAN PoisonIvy.keaidestone Keepalive to CnC (trojan.rules)
  2017353 - ET TROJAN PoisonIvy.suzuki Keepalive to CnC (trojan.rules)
  2017354 - ET TROJAN PoisonIvy.happyyongzi Keepalive to CnC (trojan.rules)
  2017355 - ET TROJAN PoisonIvy.key at 123 Keepalive to CnC (trojan.rules)
  2017356 - ET TROJAN PoisonIvy.gwx at 123 Keepalive to CnC (trojan.rules)
  2017357 - ET TROJAN PoisonIvy.wwwst at Admin Keepalive to CnC (trojan.rules)
  2017358 - ET TROJAN PoisonIvy.xiaoxiaohuli Keepalive to CnC (trojan.rules)
  2017359 - ET TROJAN PoisonIvy.smallfish Keepalive to CnC (trojan.rules)
  2017360 - ET TROJAN PoisonIvy.XGstone Keepalive to CnC (trojan.rules)
  2017361 - ET TROJAN PoisonIvy.fishplay Keepalive to CnC (trojan.rules)
  2017362 - ET TROJAN Win32/Napolar.A Getting URL (trojan.rules)
  2017363 - ET INFO InetSim Response from External Source Possible SinkHole (info.rules)
  2017364 - ET CURRENT_EVENTS Blackhole obfuscated base64 key string (current_events.rules)
  2017366 - ET WEB_SERVER Coldfusion 9 Auth Bypass CVE-2013-0632 (web_server.rules)

  Pro:
  2806871 - ETPRO TROJAN Trojan-Dropper.Win32.Agent.ickt Checkin (trojan.rules)
  2806872 - ETPRO TROJAN Trojan.Mybot-10022 CnC (trojan.rules)
  2806873 - ETPRO TROJAN Rogue.Win32/FakeRean Checkin 3 (trojan.rules)
  2806874 - ETPRO TROJAN Trojan.Pcclient-85 Checkin (trojan.rules)
  2806875 - ETPRO TROJAN Perfect Keyloger sending stolen data (trojan.rules)
  2806876 - ETPRO TROJAN Optix Pro RAT connection acknowledgement (trojan.rules)
  2806877 - ETPRO MOBILE_MALWARE Android/TheftSpy.C Checkin (mobile_malware.rules)


[///]     Modified active rules:     [///]

  2014310 - ET TROJAN RegSubsDat Checkin (trojan.rules)
  2015668 - ET CURRENT_EVENTS FlimKit/Other - Landing Page - 100HexChar value and applet (current_events.rules)
  2016140 - ET TROJAN Suspicious User Agent (iexplorer) (trojan.rules)
  2017039 - ET CURRENT_EVENTS X20 EK Payload Download (current_events.rules)
  2017167 - ET CURRENT_EVENTS X20 EK Landing July 22 2013 (current_events.rules)
  2017299 - ET CURRENT_EVENTS X20 EK Download Aug 07 2013 (current_events.rules)


[-+-]         Moved rules:         [-+-]

  Old:
  2801993 - ETPRO USER_AGENTS Trojan Related Lame Updater User-Agent (user_agents.rules)
  2802093 - ETPRO USER_AGENTS Trojan.Win32.VBKrypt.cugq Checkin (user_agents.rules)
  2806353 - ETPRO TROJAN Win32.Troj.Cidox Checkin (trojan.rules)

  New:
  2017347 - ET TROJAN Trojan Related Lame Updater User-Agent (trojan.rules)
  2017348 - ET USER_AGENTS Trojan.Win32.VBKrypt.cugq Checkin (user_agents.rules)
  2017349 - ET TROJAN Win32.Troj.Cidox Checkin (trojan.rules)

[---]         Removed rules:         [---]

  2806869 - ETPRO TROJAN Win32/Pift DNS TXT CnC Lookup ppidn.net (trojan.rules)