[Emerging-updates] Daily Ruleset Update Summary 01/03/2014

Francis Trudeau ftrudeau at emergingthreats.net
Fri Jan 3 15:14:12 HAST 2014


 [***] Summary: [***]

 17 Pro rules, 9 open (8/9).  Agent.QCD, MMcS Exploit, Synology DSM
SLICEUPLOAD.

 Thanks to: Eoin Miller.

 [+++]          Added rules:          [+++]

 Pro:

  2807428 - ETPRO TROJAN Win32/Neurevt.A Checkin 2 (trojan.rules)
  2807429 - ETPRO TROJAN Trojan.Win32.Verti.A (trojan.rules)
  2807430 - ETPRO MALWARE Hotbar Spyware checkin (malware.rules)
  2807431 - ETPRO TROJAN Win32/Agent.QCD Checkin (trojan.rules)
  2807432 - ETPRO TROJAN Win32/Agent.QCD Checkin 2 (trojan.rules)
  2807433 - ETPRO TROJAN Win32/Agent.QCD Checkin 3 (trojan.rules)
  2807434 - ETPRO TROJAN Trojan.Win32.Agent.adecj Checkin (trojan.rules)
  2807435 - ETPRO EXPLOIT Synology DSM SLICEUPLOAD RCE (exploit.rules)

 Open:

  2017923 - ET EXPLOIT MMCS service (Little Endian) (exploit.rules)
  2017924 - ET EXPLOIT MMCS service (Big Endian) (exploit.rules)
  2017925 - ET POLICY DNS lookup for bridges.torproject.org IP lookup/Tor
Usage check (policy.rules)
  2017926 - ET POLICY DNS lookup for check.torproject.org IP lookup/Tor
Usage check (policy.rules)
  2017927 - ET POLICY check.torproject.org IP lookup/Tor Usage check over
HTTP (policy.rules)
  2017928 - ET POLICY check.torproject.org IP lookup/Tor Usage check over
TLS with SNI (policy.rules)
  2017929 - ET POLICY bridges.torproject.org over TLS with SNI
(policy.rules)
  2017930 - ET TROJAN Trojan Generic - POST To gate.php with no referer
(trojan.rules)
  2017931 - ET CURRENT_EVENTS DRIVEBY Redirection - Injection - Modified
Edwards Packer Script (current_events.rules)


 [///]     Modified active rules:     [///]

  2017729 - ET CURRENT_EVENTS Angler Landing Nov 18 2013
(current_events.rules)
  2806327 - ETPRO MALWARE Adware/PCMega.J Install (malware.rules)


 [---]         Removed rules:         [---]

  2017883 - ET TROJAN W32/Ferret DDOS Bot CnC Beacon (trojan.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20140103/35e179fe/attachment.html>


More information about the Emerging-updates mailing list