[Emerging-updates] Daily Ruleset Update Summary 08/28/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Aug 28 12:57:30 HADT 2013


[***]          Summary:          [***]

8 new Open rules. 18 new Pro rules (8/10). UnknownEK, SWT, ASPyder, etc.

[+++]          Added rules:          [+++]

  Open:
  2017387 - ET CURRENT_EVENTS Unknown EK Landing Aug 27 2013 (current_events.rules)
  2017388 - ET CURRENT_EVENTS Possible Sweet Orange Payload Download Aug 28 2013 (current_events.rules)
  2017389 - ET WEB_SERVER WebShell - ASPyder - Auth Creds (web_server.rules)
  2017390 - ET WEB_SERVER WebShell - ASPyder - File Browser - Interface (web_server.rules)
  2017391 - ET WEB_SERVER WebShell - ASPyder - Auth Prompt (web_server.rules)
  2017392 - ET WEB_SERVER WebShell - ASPyder - File Browser - POST Structure (web_server.rules)
  2017393 - ET WEB_SERVER WebShell - ASPyder -File Upload - POST Structure (web_server.rules)
  2017394 - ET WEB_SERVER WebShell - ASPyder - File Upload - Response (web_server.rules)

  Pro:
  2806918 - ETPRO MOBILE_MALWARE Android/Ksapp.A Checkin 3 (mobile_malware.rules)
  2806920 - ETPRO TROJAN Trojan.Rontokbro Checkin (trojan.rules)
  2806921 - ETPRO TROJAN Win32/Carberp.G Checkin (trojan.rules)
  2806923 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.cbvy IRC JOIN (trojan.rules)
  2806924 - ETPRO TROJAN Muldrop Checkin (trojan.rules)
  2806925 - ETPRO TROJAN Muldrop Fetching Data (trojan.rules)
  2806926 - ETPRO TROJAN Muldrop Receiving Data (trojan.rules)
  2806928 - ETPRO TROJAN Unknown Checkin (trojan.rules)
  2806929 - ETPRO TROJAN Win32/Sality.AM Checkin 3 (trojan.rules)
  2806930 - ETPRO TROJAN TrojanSpy.Win32/Vwealer.CT Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2014701 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 6 or 7 set - Likely Kazy (dns.rules)
  2014702 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set - Likely Kazy (dns.rules)
  2014703 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set - Likely Kazy (dns.rules)


 [///]    Modified inactive rules:    [///]

  2804603 - ETPRO TROJAN Lethic.B XOR key (trojan.rules)


 [---]         Disabled rules:        [---]

  2011016 - ET WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Long OPTIONS URI Overflow Attmept (web_server.rules)