[Emerging-updates] Daily Ruleset Update Summary 03/12/2014

Francis Trudeau ftrudeau at emergingthreats.net
Wed Mar 12 13:07:04 HADT 2014


 [***] Summary: [***]

 10 new Open, 15 new Pro (10/5).  Nuclear EK, Kace Backdoor, Kimodin SSH.

 Thanks:  @EKwatcher, @kafeine, Nathan Fowler


 [+++]          Added rules:          [+++]

 Open:

  2018254 - ET TROJAN Possible Graftor EXE Download Common Header Order
(trojan.rules)
  2018255 - ET TROJAN Win32/Expiro.CD Check-in (trojan.rules)
  2018256 - ET TROJAN TDLv4 SSL Cert (trojan.rules)
  2018257 - ET CURRENT_EVENTS Gamut Spambot Checkin 2 (current_events.rules)
  2018258 - ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF URI Struct March 12
2014 (current_events.rules)
  2018259 - ET CURRENT_EVENTS DRIVEBY Nuclear EK CVE-2013-2551 URI Struct
Nov 26 2013 (current_events.rules)
  2018261 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Page Mar 12 2014
(current_events.rules)
  2018262 - ET CURRENT_EVENTS DRIVEBY Nuclear EK IE Exploit CVE-2013-2551
March 12 2014 (current_events.rules)
  2018263 - ET CURRENT_EVENTS Dell Kace backdoor (current_events.rules)
  2018264 - ET TROJAN Linux/Kimodin SSH backdoor activity (trojan.rules)

 Pro:

  2807813 - ETPRO TROJAN DDoS.Win32/Nitol.E Checkin (trojan.rules)
  2807814 - ETPRO TROJAN Trojan.Autoit.F Checkin 4 (trojan.rules)
  2807815 - ETPRO TROJAN Win32/Agent.DE Checkin (trojan.rules)
  2807816 - ETPRO TROJAN Win32/Agent.DE Checkin 2 (trojan.rules)
  2807817 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.ybmu Checkin
(trojan.rules)


 [///]     Modified active rules:     [///]

  2016794 - ET CURRENT_EVENTS Possible Linux/Cdorked.A Incoming Command
(current_events.rules)
  2017666 - ET CURRENT_EVENTS Nuclear EK JAR URI Struct Nov 05 2013
(current_events.rules)
  2017667 - ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05 2013
(current_events.rules)
  2017755 - ET CURRENT_EVENTS Possible Goon EK Java Payload
(current_events.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20140312/95f71ff8/attachment.html>


More information about the Emerging-updates mailing list