[***] Summary: [***]

10 new Open, 15 new Pro (10/5). Nuclear EK, Kace Backdoor, Kimodin SSH. Thanks: @EKwatcher, @kafeine, Nathan Fowler
[+++] Added rules: [+++]

Open:
2018254 - ET TROJAN Possible Graftor EXE Download Common Header Order (trojan.rules)
2018255 - ET TROJAN Win32/Expiro.CD Check-in (trojan.rules)
2018256 - ET TROJAN TDLv4 SSL Cert (trojan.rules)
2018257 - ET CURRENT_EVENTS Gamut Spambot Checkin 2 (current_events.rules)
2018258 - ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF URI Struct March 12 2014 (current_events.rules)
2018259 - ET CURRENT_EVENTS DRIVEBY Nuclear EK CVE-2013-2551 URI Struct Nov 26 2013 (current_events.rules)
2018261 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Page Mar 12 2014 (current_events.rules)
2018262 - ET CURRENT_EVENTS DRIVEBY Nuclear EK IE Exploit CVE-2013-2551 March 12 2014 (current_events.rules)
2018263 - ET CURRENT_EVENTS Dell Kace backdoor (current_events.rules)
2018264 - ET TROJAN Linux/Kimodin SSH backdoor activity (trojan.rules)

Pro:
2807813 - ETPRO TROJAN DDoS.Win32/Nitol.E Checkin (trojan.rules)
2807814 - ETPRO TROJAN Trojan.Autoit.F Checkin 4 (trojan.rules)
2807815 - ETPRO TROJAN Win32/Agent.DE Checkin (trojan.rules)
2807816 - ETPRO TROJAN Win32/Agent.DE Checkin 2 (trojan.rules)
2807817 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.ybmu Checkin (trojan.rules)
[///] Modified active rules: [///]

2016794 - ET CURRENT_EVENTS Possible Linux/Cdorked.A Incoming Command (current_events.rules)
2017666 - ET CURRENT_EVENTS Nuclear EK JAR URI Struct Nov 05 2013 (current_events.rules)
2017667 - ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05 2013 (current_events.rules)
2017755 - ET CURRENT_EVENTS Possible Goon EK Java Payload (current_events.rules)

 

Date: Tuesday, March 11, 2014 - 22:00