[Emerging-updates] Daily Ruleset Update Summary 03/25/2014

Francis Trudeau ftrudeau at emergingthreats.net
Tue Mar 25 13:04:05 HADT 2014


 [***] Summary: [***]

 5 new Open rules, 6 new Pro (5/1).  Zeus GameOver, NMAP SIP, Tinbanker.

 Thanks:  Kevin Ross.

 [+++]          Added rules:          [+++]

 Open:

  2018315 - ET WEB_CLIENT Microsoft Rich Text File .RTF File download with
invalid listoverridecount (web_client.rules)
  2018316 - ET CURRENT_EVENTS Zeus GameOver Possible DGA NXDOMAIN Responses
(current_events.rules)
  2018317 - ET SCAN NMAP SIP Version Detect OPTIONS Scan (scan.rules)
  2018318 - ET SCAN NMAP SIP Version Detection Script Activity (scan.rules)
  2018319 - ET CURRENT_EVENTS Upatre SSL Compromised site trudeausociety
(current_events.rules)

 Pro:

  2807882 - ETPRO TROJAN TrojanSpy.Win32/Tinbanker.A Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2018184 - ET CURRENT_EVENTS Zeus.Downloader Campaign Second Stage
Executable Request (current_events.rules)
  2018314 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 1
(current_events.rules)
  2804849 - ETPRO TROJAN Win32/Spy.Bancos.OMJ Checkin (trojan.rules)
  2805953 - ETPRO TROJAN Win32/AgentBypass.B CnC - Download exe command
(trojan.rules)
  2806436 - ETPRO TROJAN TROJ_SASFIS.DA Checkin (trojan.rules)
  2806943 - ETPRO TROJAN Win32/Nefyn.A POST (trojan.rules)
  2807129 - ETPRO TROJAN Trojan.Win32.Bublik.aexq/Khan Fetching DDoS target
(trojan.rules)
  2807130 - ETPRO TROJAN Trojan.Win32.Bublik.aexq/Khan Receiving DDoS
(trojan.rules)
  2807515 - ETPRO TROJAN Minirem (trojan.rules)
  2807864 - ETPRO MALWARE Win32/Nefyn.A GET .exe (malware.rules)
  2807865 - ETPRO TROJAN W32/Agent.EW.gen Checkin 2 (trojan.rules)


 [---]         Removed rules:         [---]

  2805786 - ETPRO WEB_CLIENT Microsoft Rich Text File .RTF File download
with invalid listoverridecount (web_client.rules)