[Emerging-updates] Daily Ruleset Update Summary 2015/01/30

Francis Trudeau ftrudeau at emergingthreats.net
Fri Jan 30 15:32:33 EST 2015


 [***] Summary: [***]

 9 new Open signatures, 22 new Pro (9 + 13).  Critroni/CTB, f0xy, MSIL/Agent.PYO.

 Thanks:  Pierre Schweitzer and @kafeine.


 [+++]          Added rules:          [+++]

 Open:

  2020333 - ET TROJAN MSIL/Agent.PYO Retrieving Update (trojan.rules)
  2020334 - ET TROJAN MSIL/Agent.PYO Retrieving Config (trojan.rules)
  2020335 - ET TROJAN MSIL/Agent.PYO Receiving Config (trojan.rules)
  2020336 - ET TROJAN MSIL/Agent.PYO Possible net.tcp CnC Beacon (stat) (trojan.rules)
  2020337 - ET TROJAN MSIL/Agent.PYO Possible net.tcp CnC Beacon (control) (trojan.rules)
  2020338 - ET WEB_SERVER WPScan User Agent (web_server.rules)
  2020339 - ET TROJAN f0xy Checkin (trojan.rules)
  2020340 - ET TROJAN f0xy Checkin (trojan.rules)
  2020341 - ET TROJAN f0xy Download (trojan.rules)

 Pro:

  2809642 - ETPRO ATTACK_RESPONSE Mimikatz Binary Transfer via HTTP (attack_response.rules)
  2809643 - ETPRO ATTACK_RESPONSE Mimikatz mimidrv.sys Filename in SMB Traffic (Unicode) (attack_response.rules)
  2809644 - ETPRO ATTACK_RESPONSE Mimikatz mimikatz.exe Filename in SMB Traffic (Unicode) (attack_response.rules)
  2809645 - ETPRO ATTACK_RESPONSE Mimikatz mimidrv.sys Filename in SMB Traffic (ASCII) (attack_response.rules)
  2809646 - ETPRO ATTACK_RESPONSE Mimikatz mimilib.dll Filename in SMB Traffic (Unicode) (attack_response.rules)
  2809647 - ETPRO ATTACK_RESPONSE Mimikatz mimikatz.exe Filename in SMB Traffic (ASCII) (attack_response.rules)
  2809648 - ETPRO ATTACK_RESPONSE Mimikatz mimilib.dll Filename in SMB Traffic (ASCII) (attack_response.rules)
  2809649 - ETPRO ATTACK_RESPONSE Possible Mimikatz mimilib.dll transferred over SMB (attack_response.rules)
  2809650 - ETPRO WEB_SERVER SQLMap Scan Tool User Agent (web_server.rules)
  2809651 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809652 - ETPRO TROJAN Unknown Bot CnC Beacon 1 (trojan.rules)
  2809653 - ETPRO TROJAN Unknown Bot CnC Beacon 2 (trojan.rules)
  2809654 - ETPRO MALWARE Win32.Chroject.B Checkin (malware.rules)


 [///]     Modified active rules:     [///]

  2018194 - ET MALWARE Adware.iBryte.B Install (malware.rules)
  2020176 - ET TROJAN Skeleton Key Filename in SMB Traffic (Unicode) (trojan.rules)
  2020177 - ET TROJAN Skeleton Key Filename in SMB Traffic (Unicode) (trojan.rules)
  2020178 - ET TROJAN Skeleton Key Filename in SMB Traffic (Unicode) (trojan.rules)

