[Emerging-updates] Daily Ruleset Update Summary 09/05/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Sep 5 13:46:27 HADT 2013


[***]          Summary:          [***]


18 new Open rules. 22 new Pro rules (18/4). BHEK, NJRat, etc.


[+++]          Added rules:          [+++]

  Open:
  2017414 - ET TROJAN Unknown Malware CnC response with exe file (trojan.rules)
  2017416 - ET CURRENT_EVENTS BlackHole EK Variant PDF Download (current_events.rules)
  2017417 - ET TROJAN Bladabindi/njrat CnC Keep-Alive (INBOUND) (trojan.rules)
  2017418 - ET TROJAN Bladabindi/njrat CnC Keep-Alive (OUTBOUND) (trojan.rules)
  2017419 - ET TROJAN Bladabindi/njrat CnC Checkin (trojan.rules)
  2017420 - ET TROJAN Bladabindi/njrat CnC Command (File Manager) (trojan.rules)
  2017421 - ET TROJAN Bladabindi/njrat CnC Command Response (File Manager) (trojan.rules)
  2017422 - ET TROJAN Bladabindi/njrat CnC Command (Remote Desktop) (trojan.rules)
  2017423 - ET TROJAN Bladabindi/njrat CnC Command Response (Remote Desktop) (trojan.rules)
  2017424 - ET TROJAN Bladabindi/njrat CnC Command (Remote Cam) (trojan.rules)
  2017425 - ET TROJAN Bladabindi/njrat CnC Command Response (Remote Cam) (trojan.rules)
  2017426 - ET TROJAN Bladabindi/njrat CnC Command (Remote Shell) (trojan.rules)
  2017427 - ET TROJAN Bladabindi/njrat CnC Command Response (Process listing) (trojan.rules)
  2017428 - ET TROJAN Bladabindi/njrat CnC Command (Kill Process) (trojan.rules)
  2017429 - ET TROJAN Bladabindi/njrat CnC Command (Registry) (trojan.rules)
  2017430 - ET TROJAN Bladabindi/njrat CnC Command (Keylogger) (trojan.rules)
  2017431 - ET TROJAN Bladabindi/njrat CnC Command (Get Passwords) (trojan.rules)
  2017432 - ET TROJAN Bladabindi/njrat CnC Command Response (Get Passwords) (trojan.rules)

  Pro:
  2806949 - ETPRO TROJAN Worm.Win32.AutoRun.bzxw Checkin 1 (trojan.rules)
  2806950 - ETPRO TROJAN Win32/Bicololo.T Checkin (trojan.rules)
  2806952 - ETPRO TROJAN Win32/Filecoder.NAG Checkin (trojan.rules)
  2806953 - ETPRO TROJAN Worm.Win32.AutoRun.bzxw Checkin 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2017140 - ET CURRENT_EVENTS Possible Blackhole EK Jar Download URI Struct (current_events.rules)

  Pro:
  2804856 - ETPRO WEB_CLIENT Microsoft DOC File download CVE-2012-0158 ListView Overflow 1 -SET (web_client.rules)
  2804857 - ETPRO WEB_CLIENT Microsoft DOC File download CVE-2012-0158 ListView Overflow 2 -SET (web_client.rules)
  2804859 - ETPRO WEB_CLIENT Microsoft DOC File download CVE-2012-0158 TreeView Overflow 1 -SET (web_client.rules)
  2804860 - ETPRO WEB_CLIENT Microsoft DOC File download CVE-2012-0158 TreeView Overflow 2 -SET (web_client.rules)


 [---]         Removed rules:         [---]

  Open:
  2001266 - ET MALWARE Browseraid.com Agent Reporting Data (malware.rules)
  2001295 - ET MALWARE Browseraid.com User-Agent (Browser Adv) (malware.rules)
  2001400 - ET MALWARE 180solutions Spyware Reporting (malware.rules)
  2002041 - ET MALWARE Weird on the Web /180 Solutions Update (malware.rules)
  2406918 - ET RBN Known Russian Business Network IP (460) (rbn.rules)

  Pro:
  2805256 - ETPRO TROJAN MSIL/Bladabindi.B/Downloader.LV CnC Response (trojan.rules)
  2806933 - ETPRO TROJAN Worm.Win32/Mimail.E@mm CnC (TCP) (trojan.rules)