Daily Ruleset Update Summary 02/18/2014

[***] Summary: [***]

8 new Open rules, 12 new Pro (8/4). Linksys vulns, PcClient, PCRat/Gh0st.

Thanks @EKwatcher.
[+++] Added rules: [+++]

Open:

2018153 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 27 (trojan.rules)
2018154 – ET TROJAN Win32.Hack.PcClient.g CnC (OUTBOUND) XOR b5 (trojan.rules)
2018155 – ET WORM TheMoon.linksys.router 3 (worm.rules)
2018156 – ET EXPLOIT Linksys Auth Bypass fw_sys_up.cgi (exploit.rules)
2018157 – ET EXPLOIT Linksys Auth Bypass override.cgi (exploit.rules)
2018158 – ET EXPLOIT Linksys Auth Bypass share_editor.cgi (exploit.rules)
2018159 – ET EXPLOIT Linksys Auth Bypass switch_boot.cgi (exploit.rules)
2018160 – ET EXPLOIT Linksys Failed Upgrade BackDoor Access (Server Response) (exploit.rules)

Pro:

2807692 – ETPRO TROJAN Trojan.Banker.ACF Checkin (trojan.rules)
2807693 – ETPRO WORM win32.Gaobot (worm.rules)
2807694 – ETPRO TROJAN Win32/Delf.gen!A Checkin (trojan.rules)
2807695 – ETPRO TROJAN Win32/Tocoomu.A Checkin (trojan.rules)
[///] Modified active rules: [///]

2009813 – ET TROJAN Trojan.MyDNS DNSChanger – HTTP POST (trojan.rules)
2801453 – ETPRO USER_AGENTS Suspicious UA likely Banload Trojan Related (user_agents.rules)

 


Daily Ruleset Update Summary 02/19/2014

[***] Summary: [***]

3 new Open rules, 12 new Pro (3/9). GoonEK, InstallShield, Evernote Spam Campaign.

[+++] Added rules: [+++]

Open:

2018161 – ET CURRENT_EVENTS Possible GoonEK Landing Feb 19 2014 1 (current_events.rules)
2018162 – ET CURRENT_EVENTS Malicous Redirect Evernote Spam Campaign Feb 19 2014 (current_events.rules)
2018163 – ET CURRENT_EVENTS GoonEK Landing Feb 19 2014 2 (current_events.rules)

Pro:

2807696 – ETPRO TROJAN Backdoor.Win32.Nucleroot.c Checkin (trojan.rules)
2807697 – ETPRO TROJAN Win32/Luder.B Checkin (trojan.rules)
2807698 – ETPRO TROJAN Win32/Almanahe.B Checkin (trojan.rules)
2807699 – ETPRO TROJAN Trojan.Win32.Buzus.mucu Checkin (trojan.rules)
2807700 – ETPRO TROJAN Win32/Horst.Q Checkin (trojan.rules)
2807703 – ETPRO TROJAN Trojan-Clicker.Win32.Delf.cg Checkin (trojan.rules)
2807704 – ETPRO TROJAN Fake installshie1d 1 (trojan.rules)
2807705 – ETPRO TROJAN Fake installshie1d 2 (trojan.rules)
2807706 – ETPRO TROJAN Worm.Win32.Socks.afv Checkin (trojan.rules)
[///] Modified active rules: [///]

2017258 – ET CURRENT_EVENTS Fake FedEX/Pony spam campaign URI Struct (current_events.rules)

 

Daily Ruleset Update Summary 02/20/2014

[***] Summary: [***]

1 new Open, 5 new Pro (1/4). iBanking.bot, PcClient, Ebury SSH.

Thanks to CERT-Bund for allowing us to include the Ebury signature they published in their excellent write-up found here https://www.cert-bund.de/ebury-faq

[+++] Added rules: [+++]

Open:

2018164 – ET TROJAN Ebury SSH Rootkit data exfiltration (trojan.rules)

Pro:

2807707 – ETPRO TROJAN Win32.Swisyn.cskp Checkin (trojan.rules)
2807708 – ETPRO TROJAN Win32/Idicaf.C Checkin (trojan.rules)
2807709 – ETPRO MOBILE_MALWARE Android/iBanking.bot (mobile_malware.rules)
2807710 – ETPRO TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 3 (trojan.rules)
[///] Modified active rules: [///]

2014726 – ET POLICY Outdated Windows Flash Version IE (policy.rules)
2014727 – ET POLICY Outdated Mac Flash Version (policy.rules)
2807581 – ETPRO TROJAN Backdoor.Win32/PcClient.AA Checkin (trojan.rules)

Daily Ruleset Update Summary 02/21/2014

[***] Summary: [***]

5 new Open, 13 new Pro (5/8). Various AndroidOS, Gupix/PlugX, Adobe Reader vuln.
[+++] Added rules: [+++]

Open:

2018165 – ET TROJAN Gh0st Trojan CnC 3 (trojan.rules)
2018166 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 28 (trojan.rules)
2018167 – ET TROJAN Generic CnC (trojan.rules)
2018168 – ET WEB_SPECIFIC_APPS MediaWiki thumb.php RCE (web_specific_apps.rules)
2018169 – ET TROJAN Gupix/PlugX Client Request (trojan.rules)

Pro:

2807711 – ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
2807712 – ETPRO TROJAN Win32/Rovnix.J Checkin (trojan.rules)
2807713 – ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Gepew.a Checkin (mobile_malware.rules)
2807714 – ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeMart.a Checkin (mobile_malware.rules)
2807715 – ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeMart.a Checkin 2 (mobile_malware.rules)
2807716 – ETPRO MOBILE_MALWARE AndroidOS/Sumzand.A Checkin (mobile_malware.rules)
2807717 – ETPRO WEB_CLIENT Adobe Reader Double Free CVE-2014-0493 1 (web_client.rules)
2807718 – ETPRO WEB_CLIENT Adobe Reader Double Free CVE-2014-0493 2 (web_client.rules)

 

[///] Modified active rules: [///]
2803145 – ETPRO TROJAN BackDoor.Darkshell.246 CnC traffic (trojan.rules)
2805748 – ETPRO TROJAN TROJ_GEN.F47V1018 Checkin (trojan.rules)
2807472 – ETPRO TROJAN Win32/Bervod.A (trojan.rules)
2807707 – ETPRO TROJAN Win32.Swisyn.cskp Checkin (trojan.rules)
[---] Removed rules: [---]

2804043 – ETPRO TROJAN BackDoor.Darkshell.246 CnC traffic 2 (trojan.rules)

 

Daily Ruleset Update Summary 02/24/2014

[***] Summary: [***]

2 new Open, 13 new Pro (2/11). Various Android, Angler, Agent.afag.

Thanks @EKwatcher

[+++] Added rules: [+++]

Open:

2018170 – ET POLICY Application Crash Report Sent to Microsoft (policy.rules)
2018171 – ET CURRENT_EVENTS Angler Landing Page Feb 24 2014 (current_events.rules)

Pro:

2807719 – ETPRO TROJAN PSW.Win32.Agent.afag Checkin (trojan.rules)
2807720 – ETPRO TROJAN PSW.Win32.Agent.afag Request 1 (trojan.rules)
2807721 – ETPRO TROJAN PSW.Win32.Agent.afag Request 2 (trojan.rules)
2807722 – ETPRO TROJAN Musomar.A Checkin (trojan.rules)
2807723 – ETPRO MALWARE Adware.MediaFinder.1 Checkin (malware.rules)
2807724 – ETPRO MALWARE Win32/Toolbar.Besttoolbars.G Checkin (malware.rules)
2807725 – ETPRO TROJAN Trojan.Win32.Inject.hpit Checkin (trojan.rules)
2807726 – ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fb Checkin (mobile_malware.rules)
2807727 – ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fb Checkin 2 (mobile_malware.rules)
2807728 – ETPRO MOBILE_MALWARE Android/52Loc.B Checkin (mobile_malware.rules)
2807729 – ETPRO MOBILE_MALWARE Android/52Loc.B Download (mobile_malware.rules)
[///] Modified active rules: [///]

2017369 – ET TROJAN Bitcoin variant Checkin (trojan.rules)
2018165 – ET TROJAN Gh0st Trojan CnC 3 (trojan.rules)
2018169 – ET TROJAN Gulpix/PlugX Client Request (trojan.rules)

 

[---] Removed rules: [---]

2807713 – ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Gepew.a Checkin (mobile_malware.rules)

 

EMERGING THREATS HELPS SOLVE ENTERPRISE VULNERABILITIES WITH IQRISK™ SUITE

ETPro Ruleset Included in IQRisk Suite for a Comprehensive Threat Intelligence Offering to the Enterprise

SAN FRANCISCO (RSA Conference Booth #2235 South Hall) – FEBRUARY 25, 2014 – Emerging Threats, a world-leading provider of commercial and open source threat intelligence, today announced that it has expanded its customer base to the enterprise, and as a result will be offering the ETPro Ruleset™ as part of IQRisk™ Suite. Due to the dramatic increase in security breaches and exfiltration of data in recent weeks, many large enterprises have been evaluating the ETPro Ruleset and IQRisk Suite (IQRisk Rep List and IQRisk Query) to help protect their networks from malware and malicious threats.

The enterprise’s private and public networks are increasingly under scrutiny as the number of hacking incidents continues to rise. Intruders can gain access to sensitive information simply through the vulnerabilities that exist in these networks or through backdoors on private commercial systems. Emerging Threats addresses these issues where networks are most at risk, at the IDS/IPS and/or the firewall, by delivering the most comprehensive and feature-rich threat intelligence products and solutions. By bundling the ETPro Ruleset into IQRisk Suite, Emerging Threats can now offer a complete and attractively priced threat intelligence solution that is ideal for the enterprise.

The ETPro Ruleset is truly a full-featured ruleset that offers a layer of protection at the network level to provide complete malware protection on SNORT® and Suricata platforms. IQRisk Rep List is the ideal IP reputation list that is easily ingested into most firewalls and UTMs to effectively identify and block malicious threats from entering the network. IQRisk Query, now in beta, is an extensive threat intelligence database that delivers valuable information through a Web-based portal with an intuitive GUI. Features of IQRisk Query include up to three years of historical data on IP and domain behavior, threat categorization, scoring, geolocation, and other pertinent information on suspected IPs and domains that enable users to determine the acceptable level of risk and make informed decisions.

“The recent number of attacks and other security breaches is, unfortunately, growing rapidly in the enterprise today,” said Ken Gramley, CEO of Emerging Threats. “Combining all our products into the IQRisk Suite will create a very attractive and cost-effective offering to the enterprise. The ETPro Ruleset, IQRisk Rep List, and IQRisk Query will still be offered individually to meet the varying needs of our customers.”

Product Pricing and Availability

IQRisk Suite is available immediately and includes IQRisk Query beta, with general availability by late September 2014. For customers that require individual products, each will continue to be sold separately to meet their needs. To request more information, pricing, and to order Emerging Threats products and solutions, please contact the respective Emerging Threats sales office at:

AMERICAS CORPORATE & SALES OFFICE
416 Main Street
Suite 3
Lafayette, Indiana 47901 USA
+1 866 504 2523 Phone
sales.americas@nullemergingthreats.net

EMEA SALES OFFICE
416 Main Street
Suite 3
Lafayette, Indiana 47901 USA
+1 866 504 2523 Phone
sales.emea@nullemergingthreats.net

ASIA SALES OFFICE
416 Main Street
Suite 3
Lafayette, Indiana 47901 USA
+1 866 504 2523 Phone
sales.asia@nullemergingthreats.net

KOREAN SALES OFFICE
#304, O-sung Building, 831-42
Yuksam-Dong, Gangnam-Gu
Seoul, South Korea
+82 10 3231 0393 Phone
sales.korea@nullemergingthreats.net

About Emerging Threats

Emerging Threats is a world-leading provider of commercial and open source threat intelligence. Founded in 2003 as a cyber security research community, Emerging Threats has become the de facto standard in network-based malware threat detection. The company’s ETOpen Ruleset, ETPro™ Ruleset, and IQRisk™ Suite of threat intelligence are platform agnostic for easy integration with Suricata, SNORT®, and other network intrusion protection and detection systems. With ETPro Ruleset, organizations can achieve the highest standards of malicious threat detection with world-class support and research for extended vulnerability coverage. ETPro Ruleset is ideal for enterprises, government agencies, financial institutions, SMBs, higher education, and service providers. For more information, please visit http://www.emergingthreats.net.

© 2014 Emerging Threats Pro, LLC. All rights reserved. All other names and marks are property of their respective owners. ETPro™, IQRisk™, and the ET design are trademarks of Emerging Threats Pro, LLC.

SNORT® is a registered trademark of Sourcefire, Inc.

Daily Ruleset Update Summary 02/25/2014

[***] Summary: [***]

7 new Open rules, 13 new Pro (7/5). TDS, Symantec Endpoint Manager XXE RCE, Various Android.

Thanks: @MalwareMustDie ,@kafeine, Jake Warren, Ify Ajokubi, Kevin Ross

[+++] Added rules: [+++]

Open:

2018172 – ET CURRENT_EVENTS SUSPICIOUS Java Lang Runtime in Response (current_events.rules)
2018174 – ET MALWARE RelevantKnowledge Adware CnC Beacon (malware.rules)
2018175 – ET CURRENT_EVENTS SUSPICIOUS XXTEA UTF-16 Encoded HTTP Response (current_events.rules)
2018176 – ET WEB_SPECIFIC_APPS Symantec Endpoint Manager XXE RCE Attempt (web_specific_apps.rules)
2018177 – ET CURRENT_EVENTS OnClick Anti-BOT TDS POST Feb 25 2014 (current_events.rules)
2018178 – ET CURRENT_EVENTS OnClick Anti-BOT TDS Hidden Form Feb 25 2014 (current_events.rules)
2018179 – ET CURRENT_EVENTS Obfuscation Technique Used in CVE-2014-0322 Attacks (current_events.rules)

Pro:

2807730 – ETPRO TROJAN Win32/Ceckno.D Checkin (trojan.rules)
2807731 – ETPRO TROJAN Win32.Dialer.asuj Checkin (trojan.rules)
2807732 – ETPRO MOBILE_MALWARE Monitor.AndroidOS.Gizmo.a Checkin (mobile_malware.rules)
2807733 – ETPRO MOBILE_MALWARE Android/TrojanSMS.FakeInst.CG Checkin (mobile_malware.rules)
2807734 – ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.bo Checkin 3 (mobile_malware.rules)
[///] Modified active rules: [///]

2003635 – ET TROJAN Generic Password Stealer User Agent Detected (RookIE) (trojan.rules)
2013186 – ET CURRENT_EVENTS Win32.Renos/Artro Trojan Checkin (current_events.rules)
2018125 – ET CURRENT_EVENTS SUSPICIOUS .PIF File Inside of Zip (current_events.rules)
2018153 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 27 (trojan.rules)
2805335 – ETPRO TROJAN Win32/Renos Checkin 3 (trojan.rules)
2807245 – ETPRO TROJAN Variant.Zusy.71154 Checkin (trojan.rules)
[---] Removed rules: [---]

2807693 – ETPRO WORM win32.Gaobot (worm.rules)

Daily Ruleset Update Summary 02/26/2014

[***] Summary: [***]

11 new Open, 18 new Pro (11/7). Zeus, FakeFlash, Various Android.

[+++] Added rules: [+++]

Open:

2018181 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 29 (trojan.rules)
2018182 – ET CURRENT_EVENTS Zeus Spam Campaign pdf.exe In ZIP – 26th Feb 2014 (current_events.rules)
2018183 – ET CURRENT_EVENTS Zeus.Downloader Campaign Unknown Initial CnC Beacon (current_events.rules)
2018184 – ET CURRENT_EVENTS Zeus.Downloader Campaign Second Stage Executable Request (current_events.rules)
2018185 – ET TROJAN W32/FakeFlash.Dropper Initial CnC Beacon (trojan.rules)
2018186 – ET TROJAN W32/FakeFlash.Dropper Initial CnC Beacon Acknowledgement (trojan.rules)
2018187 – ET TROJAN W32/FakeFlash.Dropper PutInformation CnC Beacon (trojan.rules)
2018188 – ET TROJAN W32/FakeFlash.Dropper GetInformation CnC Beacon Acknowledgement (trojan.rules)
2018189 – ET TROJAN Backdoor.joggver backdoor initialization packet (trojan.rules)
2018190 – ET CURRENT_EVENTS Possible FakeAV .exe.vbe HTTP Content-Disposition (current_events.rules)
2018191 – ET CURRENT_EVENTS SUSPICIOUS .exe Downloaded from SVN/HTTP on GoogleCode (current_events.rules)

Pro:

2807735 – ETPRO TROJAN Worm.Win32.AutoRun.cwvx Checkin (trojan.rules)
2807736 – ETPRO TROJAN Trojan-Proxy.Win32.Agent.gob Checkin (trojan.rules)
2807737 – ETPRO TROJAN W32/Farfli.AQK!tr Checkin (trojan.rules)
2807738 – ETPRO TROJAN Win32.Parite.B CnC (OUTBOUND) (trojan.rules)
2807739 – ETPRO TROJAN Win32.Pincav CnC (OUTBOUND) (trojan.rules)
2807740 – ETPRO MOBILE_MALWARE Android.Trojan.SecretSpy.A Checkin (mobile_malware.rules)
2807741 – ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fakengry.b Checkin 2 (mobile_malware.rules)
[///] Modified active rules: [///]

2008908 – ET TROJAN Trojan.Delf-5496 New Infection Report (trojan.rules)
2018125 – ET CURRENT_EVENTS SUSPICIOUS .PIF File Inside of Zip (current_events.rules)
2806160 – ETPRO MOBILE_MALWARE Android.Troj.FakeSms.a Checkin (mobile_malware.rules)
2806839 – ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.KR Checkin (mobile_malware.rules)


Daily Ruleset Update Summary 02/27/2014

[***] Summary: [***]

7 new Pro rules. Zbot, Zegost, Android/SMSreg.AO.

[+++] Added rules: [+++]

Pro:

2807742 – ETPRO TROJAN Trojan-Spy.Win32.Zbot.relx Checkin (trojan.rules)
2807743 – ETPRO TROJAN Backdoor.Win32.VB.atj Checkin (trojan.rules)
2807744 – ETPRO TROJAN Backdoor.Win32/Zegost.AY Checkin (trojan.rules)
2807745 – ETPRO TROJAN Trojan.Win32.Jorik.Slenfbot.app Checkin (trojan.rules)
2807746 – ETPRO TROJAN Trojan-Spy.Win32.Zbot.rptb Checkin (trojan.rules)
2807747 – ETPRO TROJAN Trojan-Ransom.Win32.Agent.hzq Checkin (trojan.rules)
2807748 – ETPRO MOBILE_MALWARE Android/SMSreg.AO Checkin (mobile_malware.rules)
[///] Modified active rules: [///]

2803928 – ETPRO TROJAN Backdoor/Ruskill.ce Joining IRC Channel (trojan.rules)

 

Daily Ruleset Update Summary 02/28/2014

[***] Summary: [***]

5 new Open rules, 12 new Pro (5/7). Xtrat, iBryte, Sefnit.

Thanks: Harry Tuttle, Kevin Ross, Marcus Cymerman, @MalwareMustDie

[+++] Added rules: [+++]

Open:

2018193 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 30 (trojan.rules)
2018194 – ET MALWARE Adware.iBryte.B Install (malware.rules)
2018195 – ET TROJAN Win32.Sefnit (trojan.rules)
2018196 – ET CURRENT_EVENTS Malicious Spam Redirection Feb 28 2014 (current_events.rules)
2018197 – ET MALWARE Win32.AdWare.iBryte.C Install (malware.rules)

Pro:

2807749 – ETPRO TROJAN Backdoor.Win32/Xtrat.A Possbile Plugin Download (trojan.rules)
2807750 – ETPRO TROJAN Trojan-Dropper.Win32.Dinwod.rbd Checkin (trojan.rules)
2807751 – ETPRO TROJAN Win32/Enchanim.gen!B Checkin (trojan.rules)
2807752 – ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Helir.a Checkin (mobile_malware.rules)
2807753 – ETPRO TROJAN Trojan.Win32.Agentb.aoii Checkin (trojan.rules)
2807754 – ETPRO TROJAN Trojan-Downloader.Win32.Adload.dyjd Checkin (trojan.rules)
2807755 – ETPRO TROJAN Win32/Sisron ICMP Outbound (trojan.rules)
[///] Modified active rules: [///]

2013865 – ET TROJAN Kazy/Kryptor/Cycbot Trojan Checkin 2 (trojan.rules)
2013983 – ET MALWARE Adware-Win32/EoRezo Reporting (malware.rules)
2017498 – ET CURRENT_EVENTS Blatantly Evil JS Function (current_events.rules)
2807003 – ETPRO TROJAN Loadmoney.A Checkin 5 (trojan.rules)
[///] Modified inactive rules: [///]

2012689 – ET POLICY LoJack asset recovery/tracking – not malicious (policy.rules)
[---] Removed rules: [---]

2403333 – ET CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules)
2804499 – ETPRO MALWARE Adware.iBryte.B Install (malware.rules)
2805190 – ETPRO MALWARE Win32.AdWare.iBryte.C Install (malware.rules)
2807475 – ETPRO TROJAN Win32.Sefnit (trojan.rules)

Daily Ruleset Update Summary 03/03/2014

[***] Summary: [***]

7 new Open rules, 11 new Pro. GameThief, Matsnu, log4jAdmin, GingerMaster.

Thanks: Kevin Ross, @c_APT_ure, Nathan Fowler, Eoin Miller.

[+++] Added rules: [+++]

Open:

2018198 – ET TROJAN Win32/Kryptik.BSYO Checkin 2 (trojan.rules)
2018200 – ET TROJAN Win32/Matsnu.L Checkin (trojan.rules)
2018201 – ET TROJAN Downloader.Win32.Geral Checkin (trojan.rules)
2018202 – ET WEB_SERVER log4jAdmin access from non-local network (can modify logging levels) (web_server.rules)
2018203 – ET WEB_SERVER log4jAdmin access from non-local network Page Body (can modify logging levels) (web_server.rules)
2018204 – ET TROJAN W32/Qakbot.Bot Version 8 CnC Beacon (trojan.rules)
2018205 – ET TROJAN Win32/Kryptik.BSYO Checkin (trojan.rules)

Pro:

2807756 – ETPRO TROJAN Backdoor.Win32.SdBot CnC at IRC Channel (trojan.rules)
2807757 – ETPRO TROJAN PSW.Win32.QQRob.bjp Checkin (trojan.rules)
2807758 – ETPRO TROJAN GameThief.Win32.OnLineGames.aqv User-Agent (My_Agenter) (trojan.rules)
2807759 – ETPRO MOBILE_MALWARE Trojan.AndroidOS.GingerMaster.a Checkin 5 (mobile_malware.rules)
[///] Modified active rules: [///]
2805537 – ETPRO TROJAN Trojan.Win32.Yakes.azpf Checkin 1 (trojan.rules)
2805538 – ETPRO TROJAN Trojan.Win32.Yakes.azpf Checkin 2 (trojan.rules)
2806220 – ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.JY Checkin (mobile_malware.rules)
2807328 – ETPRO MALWARE InstallBrain checkin (malware.rules)
2807550 – ETPRO TROJAN DDoS.Win32/Nitol.B Checkin 3 (trojan.rules)
2807673 – ETPRO TROJAN Trojan-Downloader.Win32.Boltolog.pfv Checkin (trojan.rules)
[---] Removed rules: [---]

2807502 – ETPRO TROJAN Win32/Kryptik.BSYO Checkin (trojan.rules)
2807508 – ETPRO TROJAN Win32/Kryptik.BSYO Checkin 2 (trojan.rules)

 

Daily Ruleset Update Summary 03/04/2014

[***] Summary: [***]

17 new Open rules, 24 new Pro (17/7). LightsOut, Various DDNS, Various Android.

Thanks: @Rmkml, Kevin Ross, Jake Warren, Nathan Fowler, @kafeine, Eoin Miller.

[+++] Added rules: [+++]

Open:

2018206 – ET CURRENT_EVENTS Hello/LightsOut EK Secondary Landing (current_events.rules)
2018207 – ET CURRENT_EVENTS LightsOut EK Exploit/Payload Request (current_events.rules)
2018208 – ET DOS Inbound GoldenEye DoS attack (dos.rules)
2018209 – ET CURRENT_EVENTS Rawin EK Java fakav.jar (current_events.rules)
2018210 – ET POLICY W32/Installiq.Adware Install Information Beacon (policy.rules)
2018211 – ET INFO HTTP Connection To DDNS Domain Adultdns.net (info.rules)
2018212 – ET INFO HTTP Connection To DDNS Domain Servehttp.com (info.rules)
2018213 – ET INFO HTTP Connection To DDNS Domain Myvnc.com (info.rules)
2018214 – ET INFO HTTP Connection To DDNS Domain Redirectme.net (info.rules)
2018215 – ET INFO HTTP Connection To DDNS Domain Zapto.org (info.rules)
2018216 – ET INFO HTTP Connection To DDNS Domain Hopto.org (info.rules)
2018217 – ET INFO HTTP Connection To DDNS Domain serveblog.net (info.rules)
2018218 – ET INFO HTTP Connection To DDNS Domain myftp.com (info.rules)
2018219 – ET INFO DYNAMIC_DNS HTTP Request to a *.sytes.net Domain (info.rules)
2018220 – ET INFO DYNAMIC_DNS HTTP Request to a *.ddns.info Domain (info.rules)
2018221 – ET INFO DYNAMIC_DNS HTTP Request to a *.ddns.name Domain (info.rules)
2018222 – ET POLICY InstallIQ Updater Software request (policy.rules)

Pro:

2807760 – ETPRO MOBILE_MALWARE Android.Adware.Wapsx.A Suspicious User-Agent (mobile_malware.rules)
2807761 – ETPRO MOBILE_MALWARE Android.Trojan.GingerMaster.DN (mobile_malware.rules)
2807762 – ETPRO TROJAN Win32/Killav.CM Checkin (trojan.rules)
2807763 – ETPRO TROJAN Win32/Hider.G GET .ini Request (trojan.rules)
2807764 – ETPRO TROJAN Trojan-Downloader.Win32.Adload.dyjd Checkin (trojan.rules)
2807765 – ETPRO TROJAN Win32/Tenpeq.gen!B Checkin (trojan.rules)
2807766 – ETPRO TROJAN Trojan-Downloader.Win32.Genome.egme Checkin (trojan.rules)
[///] Modified active rules: [///]

2018151 – ET TROJAN W32/Azbreg.Backdoor CnC Beacon (trojan.rules)
2807446 – ETPRO MOBILE_MALWARE Android/Spy.Agent.AF Checkin 2 (mobile_malware.rules)
[---] Removed rules: [---]

2804166 – ETPRO INFO DYNAMIC_DNS HTTP Request to a *.ddns.info Domain (info.rules)
2804170 – ETPRO INFO DYNAMIC_DNS HTTP Request to a *.ddns.name Domain (info.rules)
2804503 – ETPRO POLICY InstallIQ Updater Software request (policy.rules)
2804634 – ETPRO INFO DYNAMIC_DNS HTTP Request to a *.sytes.net Domain (info.rules)
2805992 – ETPRO TROJAN Win32/Farfli.AC Checkin (trojan.rules)

Daily Ruleset Update Summary 03/05/2014

[***] Summary: [***]

2 new Open, 11 new Pro (2/9). Fiesta, Neutrino, Various Android, Nitol.

[+++] Added rules: [+++]

Open:

2018225 – ET CURRENT_EVENTS Possible Fiesta Jar with four-letter class names (current_events.rules)
2018226 – ET CURRENT_EVENTS Possible Neutrino/Fiesta SilverLight Exploit March 05 2014 DLL Naming Convention (current_events.rules)

Pro:

2807767 – ETPRO MOBILE_MALWARE Android.Riskware.SMSReg. DE Checkin (mobile_malware.rules)
2807768 – ETPRO MOBILE_MALWARE Android.Riskware.SMSReg. DE Checkin 2 (mobile_malware.rules)
2807769 – ETPRO TROJAN DDoS.Win32/Nitol.D Checkin (Intel) (trojan.rules)
2807770 – ETPRO TROJAN DDoS.Win32/Nitol.D Checkin (AMD) (trojan.rules)
2807771 – ETPRO TROJAN Win32/Kuluoz.D Checkin (trojan.rules)
2807772 – ETPRO TROJAN Win32/Neglemir.A Checkin (trojan.rules)
2807773 – ETPRO TROJAN Win32/Neglemir.A CnC (trojan.rules)
2807774 – ETPRO TROJAN Trojan.Win32.Siggen Downloader (trojan.rules)
2807775 – ETPRO TROJAN Win32/Injector.gen!ER Checkin (trojan.rules)
[///] Modified active rules: [///]

2016499 – ET CURRENT_EVENTS Styx Exploit Kit Payload Download (current_events.rules)
2018210 – ET POLICY W32/Installiq.Adware Install Information Beacon (policy.rules)
2018223 – ET CURRENT_EVENTS SWF filename used in IE 2014-0322 Watering Hole Attacks (current_events.rules)
2806651 – ETPRO MOBILE_MALWARE Android/Spy.Agent.I Checkin (mobile_malware.rules)

Daily Ruleset Update Summary 03/06/2014

[***] Summary: [***]

4 new Open, 13 new Pro (4/9). Rawin, Mediana.q, PcClient, Darkshell, SMSHoax.

Thanks: @kafeine

[+++] Added rules: [+++]

Open:

2018227 – ET CURRENT_EVENTS Rawin Flash Landing URI Struct March 05 2014 (current_events.rules)
2018228 – ET TROJAN Possible PlugX Common Header Struct (trojan.rules)
2018229 – ET TROJAN Darkshell.A Checkin XOR C0 Win XP (trojan.rules)
2018230 – ET TROJAN SMSHoax Riskware checkin (trojan.rules)

Pro:

2807776 – ETPRO TROJAN Win32/PcClient.B Checkin (trojan.rules)
2807777 – ETPRO TROJAN Variant.Strictor.47231 Checkin (trojan.rules)
2807778 – ETPRO TROJAN Win32/Obfuscator.XX Checkin (trojan.rules)
2807779 – ETPRO TROJAN VBS/Agent.NEX Checkin (trojan.rules)
2807780 – ETPRO TROJAN Trojan-PSW.Win32.VB.phv Checkin (trojan.rules)
2807781 – ETPRO TROJAN TrojanProxy.Mediana.q Proxy CnC Checkin (trojan.rules)
2807782 – ETPRO TROJAN TrojanProxy.Mediana.q Proxy CnC Checkin Response (trojan.rules)
2807783 – ETPRO TROJAN Win32/TrojanProxy.Agent.NJK CnC Checkin Response (trojan.rules)
2807784 – ETPRO TROJAN Win32/Kryptik.BVCB Checkin (trojan.rules)
[///] Modified active rules: [///]

2018154 – ET TROJAN Win32.Hack.PcClient.g CnC (OUTBOUND) XOR b5 (trojan.rules)

Daily Ruleset Update Summary 03/07/2014

[***] Summary: [***]

10 new Open rules, 18 new Pro (10/8). CritX, Various AndroidOS.

Thanks: Kevin Ross.

[+++] Added rules: [+++]

Open:

2018231 – ET INFO SUSPICIOUS .scr file download (info.rules)
2018232 – ET CURRENT_EVENTS Possible ZyXELs ZynOS Configuration Download Attempt (Contains Passwords) (current_events.rules)
2018233 – ET INFO JAR Sent Claiming To Be Image – Likely Exploit Kit (info.rules)
2018234 – ET INFO JAR Sent Claiming To Be Text Content – Likely Exploit Kit (info.rules)
2018235 – ET CURRENT_EVENTS CritX/SafePack/FlashPack CVE-2013-2551 (current_events.rules)
2018236 – ET CURRENT_EVENTS CritX/SafePack/FlashPack SilverLight Secondary Landing (current_events.rules)
2018237 – ET CURRENT_EVENTS CritX/SafePack/FlashPack SilverLight file as eot (current_events.rules)
2018238 – ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Common Filename javadb.php (current_events.rules)
2018239 – ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Common Filename javaim.php (current_events.rules)
2018240 – ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Common Filename javarh.php (current_events.rules)

Pro:

2807785 – ETPRO TROJAN IM-Worm.Win32.Steckt.dp Checkin (trojan.rules)
2807786 – ETPRO MOBILE_MALWARE AndroidOS/OpFakeSms.C Checkin (mobile_malware.rules)
2807787 – ETPRO TROJAN Trojan.Win32.StartPage.arra Checkin (trojan.rules)
2807788 – ETPRO MOBILE_MALWARE Trojan.AndroidOS.Blocal.a Checkin (mobile_malware.rules)
2807789 – ETPRO MOBILE_MALWARE Trojan.AndroidOS.Blocal.a Checkin 2 (mobile_malware.rules)
2807790 – ETPRO MOBILE_MALWARE Trojan.AndroidOS.Blocal.a Checkin 3 (mobile_malware.rules)
2807791 – ETPRO MALWARE Win32/Adware.Kraddare.HB Checkin (malware.rules)
2807792 – ETPRO TROJAN Win32/Obfuscator.XZ Checkin 3 (trojan.rules)
[///] Modified active rules: [///]

2008474 – ET MALWARE Adware.Look2Me Activity (malware.rules)
2014271 – ET TROJAN Win32/Cutwail.BE Checkin 1 (trojan.rules)
2014272 – ET TROJAN Win32/Cutwail.BE Checkin 2 (trojan.rules)
2016751 – ET CURRENT_EVENTS RedKit/Sakura/CritX/SafePack/FlashPack applet + obfuscated URL Apr 10 2013 (current_events.rules)

2807756 – ETPRO TROJAN Backdoor.Win32.SdBot CnC via IRC (trojan.rules)
[---] Disabled and modified rules: [---]

2807717 – ETPRO WEB_CLIENT Adobe Reader Double Free CVE-2014-0493 1 (web_client.rules)
[---] Removed rules: [---]

2008342 – ET TROJAN Suspicious User-Agent (ld) (trojan.rules)
2014291 – ET TROJAN W32/Backdoor.Kbot Config Retrieval (trojan.rules)
2807325 – ETPRO MALWARE AdWare.Win32.Look2Me.ab Checkin (malware.rules)

 


Daily Ruleset Update Summary 03/10/2014

[***] Summary: [***]

1 new Open rule, 8 new Pro. Zeus GameOver, BlackEnergy, Quervar.C.

Thanks: @kafeine, Nathan Fowler
[+++] Added rules: [+++]

Open:

2018242 – ET TROJAN Possible Zeus GameOver Connectivity Check (trojan.rules)

Pro:

2807793 – ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin (trojan.rules)
2807794 – ETPRO TROJAN Trojan-Dropper.Win32.Dorifel.aiez Checkin (trojan.rules)
2807795 – ETPRO TROJAN Win32/Quervar.C Possible NetBIOS Query (KASPERSKY) (trojan.rules)
2807796 – ETPRO TROJAN Win32/Quervar.C DNS query to Domain kaspersky.localnet (trojan.rules)
2807797 – ETPRO TROJAN Trojan-Dropper.Win32.Dorifel.ahba Checkin (trojan.rules)
2807798 – ETPRO TROJAN Variant.Barys.808 Checkin (trojan.rules)
2807799 – ETPRO TROJAN Backdoor.Win32/Morix.B CnC traffic 2 (trojan.rules)
[///] Modified active rules: [///]

2016499 – ET CURRENT_EVENTS Styx Exploit Kit Payload Download (current_events.rules)
2017636 – ET CURRENT_EVENTS Nuclear EK PDF URI Struct (current_events.rules)
2017666 – ET CURRENT_EVENTS Nuclear EK JAR URI Struct Nov 05 2013 (current_events.rules)
2017667 – ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05 2013 (current_events.rules)
2017774 – ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 URI Struct Nov 26 2013 (current_events.rules)
2018171 – ET CURRENT_EVENTS Angler Landing Page Feb 24 2014 (current_events.rules)
2807273 – ETPRO TROJAN Trojan.Ransom.BV Checkin (trojan.rules)
2807711 – ETPRO TROJAN Trojan.FakeMS Checkin (trojan.rules)
2807719 – ETPRO TROJAN PSW.Win32.Agent.afag Checkin (trojan.rules)
2807781 – ETPRO TROJAN TrojanProxy.Mediana.q Proxy CnC Checkin (trojan.rules)
[---] Removed rules: [---]

2403335 – ET CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules)
2807720 – ETPRO TROJAN PSW.Win32.Agent.afag Request 1 (trojan.rules)
2807721 – ETPRO TROJAN PSW.Win32.Agent.afag Request 2 (trojan.rules)

March 2014 Microsoft Tuesday Coverage

| Bulletin | CVE | Title | Notes | ET Pro Coverage |
|---|---|---|---|---|
| MS14-012 | 2014-0297 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807800 |
| MS14-012 | 2014-0298 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807801 |
| MS14-012 | 2014-0299 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807802 |
| MS14-012 | 2014-0302 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807803 |
| MS14-012 | 2014-0303 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807804 |
| MS14-012 | 2014-0304 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807805 |
| MS14-012 | 2014-0305 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | Continuing Research |
| MS14-012 | 2014-0309 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807806 |
| MS14-012 | 2014-0312 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807807 |
| MS14-012 | 2014-0313 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807808-2807809 |
| MS14-012 | 2014-0314 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807810 |
| MS14-012 | 2014-0322 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2018147 |
| MS14-012 | 2014-0324 | Internet Explorer Memory Corruption Vulnerability | Exploit Code Likely | 2807811 |

Daily Ruleset Update Summary 03/11/2014

[***] Summary: [***]

10 new Open rules, 23 new Pro (10/13). Havex RAT, Gamut, Snake Rootkit.

Thanks: Jake Warren, @MalwareMustDie, Kevin Ross, BAE Systems.

Please see our blog post outlining our coverage for Microsoft Patch Tuesday releases here:

http://www.emergingthreats.net/2014/03/11/march-2014-microsoft-tuesday-coverage/

[+++] Added rules: [+++]

Open:

2018243 – ET TROJAN Havex RAT CnC Server Response (trojan.rules)
2018244 – ET TROJAN Havex RAT CnC Server Response HTML Tag (trojan.rules)
2018245 – ET CURRENT_EVENTS Gamut Spambot Checkin (current_events.rules)
2018246 – ET CURRENT_EVENTS Gamut Spambot Checkin Response (current_events.rules)
2018247 – ET TROJAN Snake rootkit, usermode-centric client request (trojan.rules)
2018248 – ET TROJAN Snake rootkit, usermode-centric encrypted command from server (trojan.rules)
2018249 – ET TROJAN W32/PointOfSales.Misc CnC Beacon (trojan.rules)
2018250 – ET TROJAN W32/PointOfSales.Misc CnC Activity (trojan.rules)
2018251 – ET TROJAN Havex Rat Check-in URI Struct (trojan.rules)
2018253 – ET TROJAN RDP Brute Force Bot Checkin (trojan.rules)

Pro:

2807800 – ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0297) (web_client.rules)
2807801 – ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0298) (web_client.rules)
2807802 – ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0299) (web_client.rules)
2807803 – ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0302) (web_client.rules)
2807804 – ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0303) (web_client.rules)
2807805 – ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0304) (web_client.rules)
2807806 – ETPRO WEB_CLIENT Possible User-After-Free CVE-2014-0309 (web_client.rules)
2807807 – ETPRO WEB_CLIENT Possible User-After-Free CVE-2014-0312 (web_client.rules)
2807808 – ETPRO WEB_CLIENT Possible IE10 Memory Corruption Vulnerability CVE-2014-0313 1 (web_client.rules)
2807809 – ETPRO WEB_CLIENT Possible IE10 Memory Corruption Vulnerability CVE-2014-0313 2 (web_client.rules)
2807810 – ETPRO WEB_CLIENT CSelectTracker type confusion CVE-2014-0314 (web_client.rules)
2807811 – ETPRO WEB_CLIENT Possible IE8 Memory Corruption Vulnerability CVE-2014-0324 (web_client.rules)
2807812 – ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 7 (mobile_malware.rules)
[///] Modified active rules: [///]

2014726 – ET POLICY Outdated Windows Flash Version IE (policy.rules)
2014727 – ET POLICY Outdated Mac Flash Version (policy.rules)
[---] Removed rules: [---]

2807679 – ETPRO TROJAN Win32/Kryptik.BUQO Checkin (trojan.rules)

Daily Ruleset Update Summary 03/12/2014

[***] Summary: [***]

10 new Open, 15 new Pro (10/5). Nuclear EK, Kace Backdoor, Kimodin SSH.

Thanks: @EKwatcher, @kafeine, Nathan Fowler
[+++] Added rules: [+++]

Open:

2018254 – ET TROJAN Possible Graftor EXE Download Common Header Order (trojan.rules)
2018255 – ET TROJAN Win32/Expiro.CD Check-in (trojan.rules)
2018256 – ET TROJAN TDLv4 SSL Cert (trojan.rules)
2018257 – ET CURRENT_EVENTS Gamut Spambot Checkin 2 (current_events.rules)
2018258 – ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF URI Struct March 12 2014 (current_events.rules)
2018259 – ET CURRENT_EVENTS DRIVEBY Nuclear EK CVE-2013-2551 URI Struct Nov 26 2013 (current_events.rules)
2018261 – ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Page Mar 12 2014 (current_events.rules)
2018262 – ET CURRENT_EVENTS DRIVEBY Nuclear EK IE Exploit CVE-2013-2551 March 12 2014 (current_events.rules)
2018263 – ET CURRENT_EVENTS Dell Kace backdoor (current_events.rules)
2018264 – ET TROJAN Linux/Kimodin SSH backdoor activity (trojan.rules)

Pro:

2807813 – ETPRO TROJAN DDoS.Win32/Nitol.E Checkin (trojan.rules)
2807814 – ETPRO TROJAN Trojan.Autoit.F Checkin 4 (trojan.rules)
2807815 – ETPRO TROJAN Win32/Agent.DE Checkin (trojan.rules)
2807816 – ETPRO TROJAN Win32/Agent.DE Checkin 2 (trojan.rules)
2807817 – ETPRO TROJAN Trojan-Downloader.Win32.Agent.ybmu Checkin (trojan.rules)
[///] Modified active rules: [///]

2016794 – ET CURRENT_EVENTS Possible Linux/Cdorked.A Incoming Command (current_events.rules)
2017666 – ET CURRENT_EVENTS Nuclear EK JAR URI Struct Nov 05 2013 (current_events.rules)
2017667 – ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05 2013 (current_events.rules)
2017755 – ET CURRENT_EVENTS Possible Goon EK Java Payload (current_events.rules)

Daily Ruleset Update Summary 03/14/2014 (π Edition)

[***] Summary: [***]

6 new Open rules, 21 new Pro (6/15). Various Android, DarkComet, Netwire, WordPress DOS.

Thanks: @EKwatcher @c_APT_ure @MalwareMustDie

Emerging Threats would like to remind and/or inform everyone that this ruleset does not contain the Russian Business Network (RBN) rules. These rules are obsolete and will not be distributed in future releases.
[+++] Added rules: [+++]

2018260 – ET CURRENT_EVENTS DRIVEBY Styx Landing Page Mar 08 2014 (current_events.rules)
2018277 – ET DOS Possible WordPress Pingback DDoS in Progress (Inbound) (dos.rules)
2018279 – ET CURRENT_EVENTS MtGox Leak wallet stealer UA (current_events.rules)
2018281 – ET TROJAN Possible Netwire RAT Client HeartBeat C1 (no alert) (trojan.rules)
2018282 – ET TROJAN Possible Netwire RAT Client HeartBeat S1 (no alert) (trojan.rules)
2018283 – ET TROJAN Possible Netwire RAT Client HeartBeat C2 (trojan.rules)

Pro:

2807818 – ETPRO TROJAN Troj/DwnLdr-LHU Checkin (trojan.rules)
2807819 – ETPRO TROJAN Backdoor.Win32.Hupigon Checkin (Intel) (trojan.rules)
2807820 – ETPRO TROJAN Backdoor.Win32.Hupigon Checkin (AMD) (trojan.rules)
2807821 – ETPRO TROJAN DarkComet-RAT activity (trojan.rules)
2807822 – ETPRO TROJAN Win32/Paramis.A Checkin 2 (trojan.rules)
2807823 – ETPRO TROJAN Trojan-Dropper.Win32.Sysn.acbq Checkin (trojan.rules)
2807824 – ETPRO MOBILE_MALWARE Android/Agent.BNO Checkin (mobile_malware.rules)
2807825 – ETPRO MOBILE_MALWARE Android/Agent.BNO Checkin 2 (mobile_malware.rules)
2807826 – ETPRO TROJAN Win32/Parite.B Checkin (trojan.rules)
2807827 – ETPRO TROJAN Win32/Virut.AG Checkin (trojan.rules)
2807828 – ETPRO TROJAN Win32/Matcash.F Checkin (trojan.rules)
2807829 – ETPRO EXPLOIT HP Data Protector Backup Client Service Remote Code Execution (Unicode UTF-16 Little Endian) (exploit.rules)
2807830 – ETPRO EXPLOIT HP Data Protector Backup Client Service Remote Code Execution (Unicode UTF-16 Big Endian) (exploit.rules)
2807831 – ETPRO TROJAN Win32/Tofsee.I Checkin (trojan.rules)
2807832 – ETPRO TROJAN Generic.Mitglied Checkin 2 (trojan.rules)
[///] Modified active rules: [///]

2007994 – ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
2017064 – ET CURRENT_EVENTS Cool/BHEK/Goon Applet with Alpha-Numeric Encoded HTML entity (current_events.rules)
2017998 – ET CURRENT_EVENTS Possible IE/SilverLight GoonEK Payload Download (current_events.rules)
2805223 – ETPRO TROJAN W32/Scar.GKKK!tr Checkin (trojan.rules)
2806657 – ETPRO TROJAN Win32.CCProxy.jk (proxy redirect) (trojan.rules)
2807143 – ETPRO TROJAN Win32.RatTool Checkin (trojan.rules)
2807581 – ETPRO TROJAN Backdoor.Win32/PcClient.AA Checkin (trojan.rules)
2807711 – ETPRO TROJAN Trojan.FakeMS Checkin (trojan.rules)

[---] Removed rules: [---]

2406* – ET RBN Known Russian Business Network IP group * (rbn.rules)
2408* – ET RBN Known Malvertiser IP group * (rbn-malvertisers.rules)

 
