[Emerging-updates] Daily Ruleset Update Summary 04/05/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Feb 5 12:16:34 HAST 2013


 [***]          Summary:          [***]

13 new Open rules. 17 new Pro rules (13/4).

2016341 BlackHole URL Obfuscation Chris Wakelin
2015342 Beebus Kevin Ross
2016343 - 2016345 Various Android Malware Sigs Angel Alonso Parrizas
2016347 Styx
2016352 - 2016353 Styx Kevin Ross
2016348 - 2016350 WhiteHole EK
2016354 WSO Webshell Variant
2016355 ServStart Variant Kevin Ross

2805982 - 2805985 Daily Pro Trojan Coverage.

 [+++]          Added rules:          [+++]

  Open:
  2016341 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Feb 04 2012 (current_events.rules)
  2016342 - ET TROJAN W32/Beebus HTTP POST CnC Beacon (trojan.rules)
  2016343 - ET MOBILE_MALWARE Android TrojanFakeLookout.A (mobile_malware.rules)
  2016344 - ET MOBILE_MALWARE Android/Fakelash.A!tr.spy Checkin (mobile_malware.rules)
  2016345 - ET MOBILE_MALWARE DroidKungFu Variant (mobile_malware.rules)
  2016347 - ET CURRENT_EVENTS Styx Exploit Kit Secondary Landing (current_events.rules)
  2016348 - ET CURRENT_EVENTS WhiteHole Exploit Landing Page (current_events.rules)
  2016349 - ET CURRENT_EVENTS WhiteHole Exploit Kit Jar Request (current_events.rules)
  2016350 - ET CURRENT_EVENTS WhiteHole Exploit Kit Payload Download (current_events.rules)
  2016352 - ET CURRENT_EVENTS Styx Exploit Kit Jerk.cgi TDS (current_events.rules)
  2016353 - ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Getmyfile.exe Payload (current_events.rules)
  2016354 - ET CURRENT_EVENTS WSO WebShell Activity POST structure 2 (current_events.rules)
  2016355 - ET TROJAN W32/ServStart.Variant CnC Beacon (trojan.rules)

  Pro:
  2805982 - ETPRO TROJAN Win32/Spy.Banker.YVI Checkin (trojan.rules)
  2805983 - ETPRO POLICY PPTP Start-Control-Connection-Reply to privitize.com (policy.rules)
  2805984 - ETPRO TROJAN User-Agent (DM) (trojan.rules)
  2805985 - ETPRO TROJAN Fareit/Pony Downloader .exe file download (trojan.rules)


 [///]     Modified active rules:     [///]

  2014234 - ET TROJAN Fareit/Pony Downloader Checkin 3 (trojan.rules)
  2014435 - ET TROJAN Infostealer.Banprox Proxy.pac Download (trojan.rules)
  2015962 - ET CURRENT_EVENTS CritXPack Payload Request (current_events.rules)
  2015998 - ET CURRENT_EVENTS CritXPack Landing Pattern (current_events.rules)
  2016215 - ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/nt/sk (trojan.rules)
  2016216 - ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/dllhost/ac (trojan.rules)
  2016223 - ET TROJAN Andromeda Checkin (trojan.rules)
  2805895 - ETPRO SCADA Possible Siemens SIMATIC RF Manager ActiveX Control Buffer Overflow 2 (scada.rules)


 [---]         Removed rules:         [---]

  2011992 - ET CURRENT_EVENTS Possible ProFTPD Backdoor Initiate Attempt (current_events.rules)