Daily Ruleset Update Summary 1/27/2012

16 new Open rules today, no Pro, and a few tweaks.

Have a great weekend!

[+++]          Added rules:          [+++]

2014153 – ET CURRENT_EVENTS High Orbit Ion Cannon (HOIC) Attack Inbound Generic Detection Double Spaced UA (current_events.rules)

2014154 – ET CURRENT_EVENTS DRIVEBY PDF Containing Subform with JavaScript (current_events.rules)

2014155 – ET CURRENT_EVENTS Microsoft Windows Media component specific exploit – SET (current_events.rules)

2014156 – ET CURRENT_EVENTS Microsoft Windows Media component specific exploit (current_events.rules)

2014157 – ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 4 (current_events.rules)

2014158 – ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 4 (current_events.rules)

2014159 – ET CURRENT_EVENTS Blackhole Rhino Java Exploit request to /content/rino.jar (current_events.rules)

2014160 – ET CURRENT_EVENTS Blackhole OBE Java Exploit request to /content/obe.jar (current_events.rules)

2014161 – ET MOBILE_MALWARE Android/FakeTimer.A Reporting to CnC (mobile_malware.rules)

2014162 – ET MOBILE_MALWARE Android/SndApps.SM Sending Information to CnC (mobile_malware.rules)

2014163 – ET TROJAN ET TROJAN Bifrose/Cycbot Checkin 2 (trojan.rules)

2014164 – ET TROJAN W32/DelfInject.A CnC Checkin 2 (trojan.rules)

2014165 – ET TROJAN Suspicious User-Agent MyAgrent (trojan.rules)

2014166 – ET TROJAN W32/Mentory CnC Server Providing Update Details (trojan.rules)

2014167 – ET TROJAN W32/Mentory CnC Server Providing File Info Details (trojan.rules)

2014168 – ET CURRENT_EVENTS DRIVEBY Unknown Landing Page Received (current_events.rules)

[///]     Modified active rules:     [///]

2011364 – ET TROJAN Sinowal/sinonet/mebroot infected host POSTing process list (trojan.rules)

2013531 – ET TROJAN MS Terminal Server User A Login, possible Morto Outbound (trojan.rules)

 

2801586 – ETPRO WEB_CLIENT Multiple Load Library Vulns ibfs32.dll (web_client.rules)

2804292 – ETPRO TROJAN Win32/Xtrat.B CnC Traffic (trojan.rules)

[---]         Removed rules:         [---]

2013060 – ET CURRENT_EVENTS Client Visiting Sidename.js Injected Website – Malware Related (current_events.rules)

2013716 – ET TROJAN W32/Parite CnC Checkin (trojan.rules)

2801587 – ETPRO WEB_CLIENT Multiple Load Library Vulns ibfs32.dll (web_client.rules)
