[Emerging-updates] Daily Ruleset Update Summary 03/10/2014

Francis Trudeau ftrudeau at emergingthreats.net
Mon Mar 10 14:31:51 HADT 2014


 [***] Summary: [***]

 1 new Open rule, 8 new Pro.  Zeus GameOver, BlackEnergy, Quervar.C.

 Thanks:  @kafeine, Nathan Fowler


 [+++]          Added rules:          [+++]

 Open:

  2018242 - ET TROJAN Possible Zeus GameOver Connectivity Check
(trojan.rules)

 Pro:

  2807793 - ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin (trojan.rules)
  2807794 - ETPRO TROJAN Trojan-Dropper.Win32.Dorifel.aiez Checkin
(trojan.rules)
  2807795 - ETPRO TROJAN Win32/Quervar.C Possible NetBIOS Query (KASPERSKY)
(trojan.rules)
  2807796 - ETPRO TROJAN Win32/Quervar.C DNS query to Domain
kaspersky.localnet (trojan.rules)
  2807797 - ETPRO TROJAN Trojan-Dropper.Win32.Dorifel.ahba Checkin
(trojan.rules)
  2807798 - ETPRO TROJAN Variant.Barys.808 Checkin (trojan.rules)
  2807799 - ETPRO TROJAN Backdoor.Win32/Morix.B CnC traffic 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2016499 - ET CURRENT_EVENTS Styx Exploit Kit Payload Download
(current_events.rules)
  2017636 - ET CURRENT_EVENTS Nuclear EK PDF URI Struct
(current_events.rules)
  2017666 - ET CURRENT_EVENTS Nuclear EK JAR URI Struct Nov 05 2013
(current_events.rules)
  2017667 - ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05 2013
(current_events.rules)
  2017774 - ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 URI Struct Nov 26
2013 (current_events.rules)
  2018171 - ET CURRENT_EVENTS Angler Landing Page Feb 24 2014
(current_events.rules)
  2807273 - ETPRO TROJAN Trojan.Ransom.BV Checkin (trojan.rules)
  2807711 - ETPRO TROJAN Trojan.FakeMS Checkin (trojan.rules)
  2807719 - ETPRO TROJAN PSW.Win32.Agent.afag Checkin (trojan.rules)
  2807781 - ETPRO TROJAN TrojanProxy.Mediana.q Proxy CnC Checkin
(trojan.rules)


 [---]         Removed rules:         [---]

  2403335 - ET CINS Active Threat Intelligence Poor Reputation IP group 36
(ciarmy.rules)
  2807720 - ETPRO TROJAN PSW.Win32.Agent.afag Request 1 (trojan.rules)
  2807721 - ETPRO TROJAN PSW.Win32.Agent.afag Request 2 (trojan.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20140310/011fc319/attachment.html>


More information about the Emerging-updates mailing list