[***] Summary: [***]
51 new Open, 53 new Pro (51/2). Operation Hangover, Outdated MSIE/FF/Windows UA, Neutrino, FlimKit, Pushdo, BlackRev, Briba, etc.
Thanks to Chris Wakelin, Kevin Ross, and PacketHack for their contributions. You might want to disable the Unsupported/Fake MSIE/FF sigs depending on your environment.
[+++] Added rules: [+++]
Open:
2016861 – ET TROJAN Hangover Campaign Keylogger Checkin (trojan.rules)
2016862 – ET TROJAN Hangover Campaign Keylogger 2 checkin (trojan.rules)
2016863 – ET TROJAN Trojan.Win32.VB.cefz Checkin (trojan.rules)
2016864 – ET TROJAN Backdoor.Win32.Agent.bjjv Checkin (trojan.rules)
2016865 – ET TROJAN TrojanSpy.KeyLogger.acqh User-Agent(EMSFRTCBVD) (trojan.rules)
2016866 – ET TROJAN Trojan-Spy.Win32.KeyLogger.acuj Checkin (trojan.rules)
2016867 – ET TROJAN Backdoor.Win32.Pushdo.s Checkin (trojan.rules)
2016868 – ET CURRENT_EVENTS Neutrino Plugin-Detect 2 May 20 2013 (current_events.rules)
2016869 – ET CURRENT_EVENTS FlimKit Post Exploit Payload Download (current_events.rules)
2016870 – ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5. (policy.rules)
2016871 – ET POLICY Unsupported/Fake Internet Explorer Version MSIE 4. (policy.rules)
2016872 – ET POLICY Unsupported/Fake Internet Explorer Version MSIE 3. (policy.rules)
2016873 – ET POLICY Unsupported/Fake Internet Explorer Version MSIE 2. (policy.rules)
2016874 – ET POLICY Unsupported/Fake Internet Explorer Version MSIE 1. (policy.rules)
2016875 – ET POLICY Unsupported/Fake FireFox Version 0. (policy.rules)
2016876 – ET POLICY Unsupported/Fake FireFox Version 1. (policy.rules)
2016877 – ET POLICY Unsupported/Fake FireFox Version 2. (policy.rules)
2016878 – ET POLICY Unsupported/Fake Windows NT Version 4. (policy.rules)
2016879 – ET POLICY Unsupported/Fake Windows NT Version 5.0 (policy.rules)
2016880 – ET INFO Suspicious Windows NT version 0 User-Agent (info.rules)
2016881 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(FMBVDFRESCT) (trojan.rules)
2016882 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(DSMBVCTFRE) (trojan.rules)
2016883 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(MBESCVDFRT) (trojan.rules)
2016884 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(TCBFRVDEMS) (trojan.rules)
2016885 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(DEMOMAKE) (trojan.rules)
2016886 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(DEMO) (trojan.rules)
2016887 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(UPHTTP) (trojan.rules)
2016888 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(sendFile) (trojan.rules)
2016889 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(wininetget/0.1) (trojan.rules)
2016890 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(file) (trojan.rules)
2016891 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(vbusers) (trojan.rules)
2016892 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(folderwin) (trojan.rules)
2016893 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(smaal) (trojan.rules)
2016894 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(nento) (trojan.rules)
2016895 – ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(bugmaal) (trojan.rules)
2016896 – ET CURRENT_EVENTS Unknown EK Requesting Payload (current_events.rules)
2016897 – ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5 (trojan.rules)
2016898 – ET INFO Suspicious MSIE 10 on Windows NT 5 (info.rules)
2016899 – ET TROJAN Trojan.BlackRev Registering Client (trojan.rules)
2016900 – ET TROJAN Trojan.BlackRev Polling for DoS targets (trojan.rules)
2016901 – ET TROJAN Trojan.BlackRev Download Executable (trojan.rules)
2016902 – ET TROJAN Trojan.BlackRev Download Executable (trojan.rules)
2016903 – ET USER_AGENTS Suspicious User-Agent (DownloadMR) (user_agents.rules)
2016904 – ET USER_AGENTS User-Agent (ChilkatUpload) (user_agents.rules)
2016905 – ET MALWARE AdWare.MSIL.Solimba.b GET (malware.rules)
2016906 – ET MALWARE AdWare.MSIL.Solimba.b POST (malware.rules)
2016907 – ET TROJAN Trojan-Spy.Win32.Agent.byhm User-Agent (EMSCBVDFRT) (trojan.rules)
2016908 – ET TROJAN Trojan.Win32.FresctSpy.A User-Agent (MBVDFRESCT) (trojan.rules)
2016909 – ET TROJAN Trojan.BlackRev Registration Rev3 (trojan.rules)
2016910 – ET TROJAN Trojan.BlackRev Get Command Rev3 (trojan.rules)
2016911 – ET TROJAN W32/Briba CnC POST Beacon (trojan.rules)
Pro:
2806378 – ETPRO TROJAN Win32/Moure.A Checkin (trojan.rules)
2806379 – ETPRO TROJAN W32/OnLineGames.LVXF Checkin (trojan.rules)
[///] Modified active rules: [///]
Open:
2015957 – ET TROJAN Lyposit Ransomware Checkin 1 (trojan.rules)
2016107 – ET CURRENT_EVENTS Unknown EK Requesting Jar (current_events.rules)
2016706 – ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page (1) (current_events.rules)
2016846 – ET INFO Possible Firefox Plugin install (info.rules)
Pro:
2804009 – ETPRO TROJAN Backdoor.Win32/Hanove.A User-Agent (SIMPLE) (trojan.rules)
2805833 – ETPRO TROJAN W32/KeyLogger.ACQH!tr Checkin (trojan.rules)
2806248 – ETPRO TROJAN Trojan-Dropper.Win32.Dapato.cabb Checkin (trojan.rules)
[---] Removed rules: [---]
Open:
2009175 – ET TROJAN Zbot/Zeus C&C Access (trojan.rules)
2009389 – ET TROJAN Tornado Pack Binary Request (trojan.rules)
Pro:
2803633 – ETPRO TROJAN Trojan.Win32.FresctSpy.A User-Agent (MBVDFRESCT) (trojan.rules)
2804271 – ETPRO TROJAN TrojanDownloader.Agent.nd Checkin (trojan.rules)
2804628 – ETPRO TROJAN Trojan-Spy.Win32.Agent.byhm User-Agent (EMSCBVDFRT) (trojan.rules)