[Emerging-updates] Daily Ruleset Update Summary 06/03/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Jun 3 15:24:02 HADT 2013


[***]          Summary:          [***]

5 new Open rules. 14 new Pro rules (5/9). Unknown EK, CritX/Safepack Gh0st,
Mutopy, Symmi, etc.


[+++]          Added rules:          [+++]

  Open:
  2016962 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 2 (trojan.rules)
  2016963 - ET TROJAN Trojan.Win32/Mutopy.A Checkin (trojan.rules)
  2016964 - ET CURRENT_EVENTS CritX/SafePack Reporting Plugin Detect Data June 03 2013 (current_events.rules)
  2016965 - ET CURRENT_EVENTS Metasploit Based Unknown EK Jar Download June 03 2013 (current_events.rules)
  2016967 - ET TROJAN W32/Symmi Remote File Injector Initial CnC Beacon (trojan.rules)

  Pro:
  2806436 - ETPRO TROJAN TROJ_SASFIS.DA Checkin (trojan.rules)
  2806437 - ETPRO TROJAN MSIL/Kryptik.HZ Checkin (trojan.rules)
  2806438 - ETPRO TROJAN Trojan.Win32.Scar.dyws Checkin (trojan.rules)
  2806439 - ETPRO TROJAN AutoIt/Kilim.A Checkin (trojan.rules)
  2806440 - ETPRO TROJAN Trojan.Generic.KDV.807443 Checkin (trojan.rules)
  2806441 - ETPRO TROJAN Variant.Zusy.43699 Checkin (trojan.rules)
  2806442 - ETPRO TROJAN Trojan.Downloader.Adload-130 Checkin (trojan.rules)
  2806443 - ET TROJAN Win32/Swizzor User-Agent (Swizz03r) (trojan.rules)
  2806444 - ETPRO TROJAN PWS.Win32/Hupigon.variant User-Agent (SERVER2_03) (trojan.rules)


 [///]     Modified active rules:     [///]

  2014853 - ET CURRENT_EVENTS Sakura Exploit Kit Version 1.1 Applet Value lxxt (current_events.rules)
  2015800 - ET TROJAN Dorkbot GeoIP Lookup to wipmania (trojan.rules)
  2015969 - ET TROJAN WORM_VOBFUS Requesting exe (trojan.rules)
  2016013 - ET CURRENT_EVENTS CritXPack Jar Request (2) (current_events.rules)
  2016074 - ET TROJAN Backdoor.Win32.Skill.gk User-Agent (trojan.rules)
  2803118 - ETPRO TROJAN Win32/Swizzor Checkin (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2016365 - ET CURRENT_EVENTS CritXPack Jar Request (3) (current_events.rules)
  2800775 - ETPRO EXPLOIT Mercury Mail Transport System Buffer Overflow (exploit.rules)


 [---]         Removed rules:         [---]

  2014120 - ET TROJAN Win32/Eorezo-B Checkin (trojan.rules)
  2015624 - ET TROJAN Backdoor.Win32.Gh0st Checkin (5-12 Byte keyword) (trojan.rules)
  2803439 - ETPRO TROJAN Kryptik.UFOSG2RAbFQ Pre-infection Redirect (trojan.rules)
  2804806 - ETPRO TROJAN Trojan.Win32/Mutopy.A Checkin (trojan.rules)
  2806430 - ETPRO TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 2 (trojan.rules)