[Emerging-updates] Daily Ruleset Update Summary 06/10/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Jun 10 18:57:28 HADT 2013


 [***]          Summary:          [***]

 9 new Open rules. 13 new Pro rules (9/4). IP only sinkhole rules (Disabled
by default), updates for various EK's etc.

 [+++]          Added rules:          [+++]

  Open: (All disabled by default)
  2016993 - ET TROJAN Connection to Annibus Sinkhole IP (Possible Infected
Host) (trojan.rules)
  2016994 - ET TROJAN Connection to Georgia Tech Sinkhole IP (Possible
Infected Host) (trojan.rules)
  2016995 - ET TROJAN Connection to 1&1 Sinkhole IP (Possible Infected
Host) (trojan.rules)
  2016996 - ET TROJAN Connection to Zinkhole Sinkhole IP (Possible Infected
Host) (trojan.rules)
  2016997 - ET TROJAN Connection to Dr Web Sinkhole IP(Possible Infected
Host) (trojan.rules)
  2016998 - ET TROJAN Connection to Fitsec Sinkhole IP (Possible Infected
Host) (trojan.rules)
  2016999 - ET TROJAN Connection to Microsoft Sinkhole IP (Possbile
Infected Host) (trojan.rules)
  2017000 - ET TROJAN Connection to Google Sinkhole IP (Possbile Infected
Host) (trojan.rules)
  2017001 - ET TROJAN Connection to a cert.pl Sinkhole IP (Possible
Infected Host) (trojan.rules)

  Pro:
  2806473 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.cvby Checkin
(trojan.rules)
  2806474 - ETPRO TROJAN TR/Dldr.Delphi.Gen Checkin (trojan.rules)
  2806475 - ETPRO TROJAN Backdoor.AndroidOS.Obad.a Checkin (trojan.rules)
  2806476 - ETPRO TROJAN Trojan-Spy/W32.Banker.990208.K Checkin
(trojan.rules)


 [///]     Modified active rules:     [///]

  2002175 - ET TROJAN Srv.SSA-KeyLogger Checkin Traffic (trojan.rules)
  2015978 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Dec
03 2012 (current_events.rules)
  2016751 - ET CURRENT_EVENTS RedKit/Sakura applet + obfuscated URL Apr 10
2013 (current_events.rules)
  2016943 - ET CURRENT_EVENTS Sakura - Payload Requested
(current_events.rules)

 [---]         Removed rules:         [---]

  2806468 - ETPRO TROJAN Win32.Sality-GR Checkin 2 (trojan.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20130610/82c8b1d5/attachment.html>


More information about the Emerging-updates mailing list