[Emerging-updates] Daily Ruleset Update Summary 06/17/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Jun 17 13:53:08 HADT 2013


[***]          Summary:          [***]

6 new Open. 11 new Pro (6/5). FlashPack, Unknown Webserver Backdoor,
Karagany, etc.


[+++]          Added rules:          [+++]

  Open:
  2017022 - ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17
2013 1 (current_events.rules)
  2017023 - ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17
2013 2 (current_events.rules)
  2017024 - ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17
2013 3 (current_events.rules)
  2017025 - ET ATTACK_RESPONSE Net User Command Response
(attack_response.rules)
  2017026 - ET TROJAN Unknown Webserver Backdoor (trojan.rules)
  2017027 - ET TROJAN Unknown Webserver Backdoor Domain (google-analytcs)
(trojan.rules)

  Pro:
  2806517 - ETPRO TROJAN Trojan.Win32.Scar.dnvb Checkin (trojan.rules)
  2806518 - ETPRO TROJAN Trojan-Banker.Win32.Banker.tvb Checkin
(trojan.rules)
  2806519 - ETPRO TROJAN Win32/Spy.Banker.QEP Checkin 2 (trojan.rules)
  2806520 - ETPRO TROJAN Backdoor.Win32.Delf.omc Checkin (trojan.rules)
  2806521 - ETPRO TROJAN Win32/Zipdri.A Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2014442 - ET CURRENT_EVENTS DRIVEBY Blackhole - Landing Page Requested -
*.php?*=16HexCharacters in http_uri (current_events.rules)
  2016970 - ET CURRENT_EVENTS Karagany encrypted binary (3)
(current_events.rules)

  Pro:
  2803148 - ETPRO TROJAN Delph/Banload/Blortios.c Checkin (trojan.rules)
  2805455 - ETPRO TROJAN Trojan.Win32.Buzus.kmdt Checkin (trojan.rules)
  2806171 - ETPRO TROJAN Bicololo-G / Trojan.Win32.Qhost.afei Checkin
(trojan.rules)
  2806496 - ETPRO TROJAN Win32.DownLoad3.bauwvy Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2016890 - ET TROJAN TrojanSpy.KeyLogger Hangover Campaign
User-Agent(file) (trojan.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20130617/a62e78a1/attachment.html>


More information about the Emerging-updates mailing list