[Emerging-updates] [Emerging-Sigs] Daily Ruleset Update Summary 11/26/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Nov 26 20:43:32 EST 2014


Regin Lua rules have been added to the repo. Thanks Dhuss.

https://github.com/EmergingThreats/et-luajit-scripts

Regards,

Will

On Wed, Nov 26, 2014 at 5:08 PM, Darien Huss <dhuss at emergingthreats.net> wrote:

> Additionally, rules 2019816, 2019817, 2019820 were published for Regin for
> Snort 2.9+ only. We will have something out for Suricata (Lua only) early
> next week or sooner.
>
> Regards,
> Darien
>
> On Wed, Nov 26, 2014 at 5:40 PM, Francis Trudeau <ftrudeau at emergingthreats.net> wrote:
>
>>  [***] Summary: [***]
>>
>>  5 new Open rules, 8 new Pro (5 + 3).  Abuse.ch Malicious SSL certificate, Win32/Notodar.
>>
>>  Thanks:  @abuse_ch
>>
>>  [+++]          Added rules:          [+++]
>>
>>  Open:
>>
>>   2019813 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Hesperbot CnC) (trojan.rules)
>>   2019814 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
>>   2019815 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
>>   2019818 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
>>   2019819 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
>>
>>  Pro:
>>
>>   2809248 - ETPRO WEB_SPECIFIC_APPS SP Client Document Manager WP Plugin SQLi (web_specific_apps.rules)
>>   2809249 - ETPRO TROJAN Backdoor.MSIL.Soaphrish.A checkin (trojan.rules)
>>   2809251 - ETPRO TROJAN Win32/Notodar Checkin (trojan.rules)
>>
>>
>>  [///]     Modified active rules:     [///]
>>
>>   2013224 - ET POLICY Suspicious User-Agent Containing .exe (policy.rules)
>>   2014636 - ET TROJAN Backdoor.Win32/Poison.BI (trojan.rules)
>>   2016567 - ET TROJAN Win32/Urausy.C Checkin 2 (trojan.rules)
>>   2019798 - ET CURRENT_EVENTS Malicious Iframe Leading to EK (current_events.rules)
>>
>>
>>  [---]         Removed rules:         [---]
>>
>>   2017258 - ET CURRENT_EVENTS Fake FedEX/Pony spam campaign URI Struct (current_events.rules)
>>   2804479 - ETPRO TROJAN Trojan.Win32.Generic Checkin (trojan.rules)