[Emerging-updates] Daily Ruleset Update Summary 02/19/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Feb 20 00:32:17 HAST 2013


[***]          Summary:          [***]

24 new Open and/or moved from Pro rules all related to the Mandiant APT
report. More coming today. A couple of new Pro sigs. SofosFO/Vulnerable
Java UA sigs updated.

If you haven't read the Mandiant report I highly suggest that you do so.

http://www.mandiant.com/apt1

[+++]          Added rules:          [+++]

 Open:
 2016428 - ET TROJAN Backdoor.Win32.Likseput.B Checkin 2 (trojan.rules)
 2016429 - ET TROJAN Shady Rat/HTran style HTTP Header Pattern Request UHCa and Google MSIE UA (trojan.rules)
 2016430 - ET TROJAN Trojan-Downloader.Win32.Agent.vhvw Checkin MINIASP (trojan.rules)
 2016431 - ET TROJAN Win32/Tosct.B UA Mandiant APT1 Related (trojan.rules)
 2016432 - ET TROJAN Likseput.B Checkin (trojan.rules)
 2016433 - ET TROJAN Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8 (trojan.rules)
 2016434 - ET TROJAN Win32/COOKIEBAG Cookie APT1 Related (trojan.rules)
 2016435 - ET TROJAN WEBC2-TABLE Checkin 1 - APT1 Related (trojan.rules)
 2016436 - ET TROJAN WEBC2-TABLE Checkin 2 - APT1 Related (trojan.rules)
 2016437 - ET TROJAN WEBC2-TABLE Checkin 3 - APT1 Related (trojan.rules)
 2016438 - ET TROJAN WEBC2-TABLE Checkin Response - Embedded CnC APT1 Related (trojan.rules)
 2016439 - ET TROJAN Win32/Namsoth.A Checkin/NEWSREELS APT1 Related (trojan.rules)
 2016440 - ET TROJAN SEASALT HTTP Checkin (trojan.rules)
 2016441 - ET TROJAN SEASALT Client Checkin (trojan.rules)
 2016442 - ET TROJAN SEASALT Server Response (trojan.rules)
 2016443 - ET TROJAN STARSYPOUND Client Checkin (trojan.rules)
 2016444 - ET TROJAN STARSYPOUND Client Checkin (trojan.rules)
 2016445 - ET TROJAN SWORD Sending Sword Marker (trojan.rules)
 2016446 - ET TROJAN TABMSGSQL/Sluegot.C Checkin (trojan.rules)
 2016447 - ET TROJAN WARP Win32/Barkiofork.A (trojan.rules)
 2016448 - ET TROJAN WEBC2-ADSPACE Server Response (trojan.rules)
 2016449 - ET TROJAN WEBC2-AUSOV Checkin Response - Embedded CnC APT1 Related (trojan.rules)
 2016450 - ET TROJAN Backdoor.Win32/Likseput.A Checkin (trojan.rules)
 2016451 - ET TROJAN WEBC2-QBP Checkin Response 1 - Embedded CnC APT1 Related (trojan.rules)

 Pro:
 2806034 - ETPRO TROJAN Trojan-Downloader.Win32.IstBar.q Checkin (trojan.rules)
 2806035 - ETPRO MALWARE AdWare.Win32.Agent.hzg Checkin (malware.rules)


[///]     Modified active rules:     [///]

 2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
 2015889 - ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page (1) (current_events.rules)
 2803833 - ETPRO TROJAN WEBC2-CSON Checkin - APT1 Related (trojan.rules)


[---]         Removed rules:         [---]

 2007748 - ET TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware (trojan.rules)
 2801442 - ETPRO TROJAN Backdoor.Win32.Likseput.B Checkin 2 (trojan.rules)
 2803356 - ETPRO TROJAN Shady Rat/HTran style HTTP Header Pattern Request UHCa and Google MSIE UA (trojan.rules)
 2804304 - ETPRO TROJAN Backdoor.Win32/Likseput.A Checkin (trojan.rules)
 2804819 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.vhvw Checkin (trojan.rules)