[Emerging-updates] Daily Ruleset Update Summary 05/19/2014

Francis Trudeau ftrudeau at emergingthreats.net
Mon May 19 11:31:35 EDT 2014


 [***] Summary: [***]

 7 new Open signatures, 11 new Pro (7+4).  ELF IRCBot, PCRat/Gh0st,
RapidStealer.A.

 Thanks:  @MalwareMustDie

 [+++]          Added rules:          [+++]

 Open:

  2018482 - ET TROJAN Possible Zendran ELF IRCBot Joining Channel (trojan.rules)
  2018483 - ET TROJAN Possible Zendran ELF IRCBot Joining Channel 2 (trojan.rules)
  2018484 - ET TROJAN Possible Zendran ELF IRCBot Server Banner (trojan.rules)
  2018485 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 32 (trojan.rules)
  2018486 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 33 (trojan.rules)
  2018487 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 34 (trojan.rules)
  2018488 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 35 (trojan.rules)

 Pro:

  2808054 - ETPRO TROJAN MSIL/RapidStealer.A FTP Activity 1 (set) (trojan.rules)
  2808055 - ETPRO TROJAN MSIL/RapidStealer.A FTP Activity 1 (trojan.rules)
  2808056 - ETPRO TROJAN MSIL/RapidStealer.A FTP Activity 2 (set) (trojan.rules)
  2808057 - ETPRO TROJAN MSIL/RapidStealer.A FTP Activity 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2018117 - ET TROJAN Possible Sinkhole banner (trojan.rules)
  2018407 - ET CURRENT_EVENTS Fiesta URI Struct (current_events.rules)


 [---]         Removed rules:         [---]

  2016112 - ET CURRENT_EVENTS Sweet Orange Java obfuscated binary (1) (current_events.rules)
  2016143 - ET CURRENT_EVENTS Sweet Orange Java obfuscated binary (2) (current_events.rules)
  2807885 - ETPRO TROJAN Backdoor.Win32/Fynloski.A CnC command (OUTBOUND) 2 (trojan.rules)
  2807953 - ETPRO TROJAN Backdoor.Win32.Hupigon.occc Checkin (trojan.rules)

