[***] Summary: [***]

6 new Open rules, 9 new Pro (6/3). Zeus, AndroidOS.FakeInst, HeartBleed. Thanks: Paul Schmehl, Kevin Ross, @kafeine, @EKWatcher.

[+++] Added rules: [+++]

Open:

2018384 - ET CURRENT_EVENTS Zeus.Downloader Campaign Unknown Initial CnC Beacon 10/4/2014 (current_events.rules)
2018385 - ET CURRENT_EVENTS Zeus.Downloader Campaign Second Stage Executable Request 10/4/2014 (current_events.rules)
2018386 - ET TROJAN Trojan.Win32.Yakes.ehof Checkin (trojan.rules)
2018387 - ET CURRENT_EVENTS Angler EK Landing Apr 14 2014 (current_events.rules)
2018388 - ET CURRENT_EVENTS Possible TLS HeartBleed Unencrypted Request Method 4 (Inbound to Common SSL Port) (current_events.rules)
2018389 - ET CURRENT_EVENTS Possible TLS HeartBleed Unencrypted Request Method 3 (Inbound to Common SSL Port) (current_events.rules)

Pro:

2804753 - ETPRO TROJAN Win32/Wadolin.A Checkin (trojan.rules)
2807948 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.ft Checkin (mobile_malware.rules)
2807949 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.ft Checkin 2 (mobile_malware.rules)
[///] Modified active rules: [///]

2003335 - ET USER_AGENTS 2search.org User Agent (2search) (user_agents.rules)
2003346 - ET MALWARE Errorsafe.com Fake antispyware User-Agent (ErrorSafe) (malware.rules)
2003626 - ET MALWARE Double User-Agent (User-Agent User-Agent) (malware.rules)
2009971 - ET P2P eMule KAD Network Hello Request (2) (p2p.rules)
2010162 - ET WEB_SERVER Possible Successful Juniper NetScreen ScreenOS Firmware Version Disclosure Attempt (web_server.rules)
2011503 - ET EXPLOIT Successful Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt (exploit.rules)
2011800 - ET POLICY Abnormal User-Agent No space after colon - Likely Hostile (policy.rules)
2013195 - ET MALWARE Win32.EZula Adware Reporting Successful Install (malware.rules)
2013199 - ET TROJAN Trojan/Hacktool.Sniffer Successful Install Message (trojan.rules)
2013423 - ET TROJAN User-Agent in Referer Field - Likely Malware (trojan.rules)
2014103 - ET WEB_SERVER Unusually Fast HTTP Requests With Referer Url Matching DoS Tool (web_server.rules)
2014302 - ET TROJAN Suspicious HTTP Referer C Drive Path (trojan.rules)
2014758 - ET TROJAN Trojan.BAT.Qhost - SET (trojan.rules)
2014759 - ET TROJAN Trojan.BAT.Qhost Response from Controller (trojan.rules)
2017031 - ET CURRENT_EVENTS Unknown_InIFRAME - In Referer (current_events.rules)
2017561 - ET MALWARE W32/Wajam.Adware Successful Install (malware.rules)
2017788 - ET MOBILE_MALWARE Android.KorBanker Successful Fake Banking App Install CnC Server Acknowledgement (mobile_malware.rules)
2017880 - ET MALWARE W32/Linkular.Adware Successful Install Beacon (malware.rules)
2017935 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12 SET (trojan.rules)
2017936 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12 (trojan.rules)
2018059 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 1 (trojan.rules)
2018060 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 2 (trojan.rules)
2018061 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 3 (trojan.rules)
2018062 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 4 (trojan.rules)
2018063 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 5 (trojan.rules)
2018064 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 6 (trojan.rules)
2018065 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 7 (trojan.rules)
2018066 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 8 (trojan.rules)
2018067 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 9 (trojan.rules)
2018068 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 10 (trojan.rules)
2018129 - ET TROJAN W32/Trojan-Gypikon Sending Data (trojan.rules)
2018130 - ET TROJAN W32/Trojan-Gypikon Server Check-in Response (trojan.rules)
2018162 - ET CURRENT_EVENTS Malicious Redirect Evernote Spam Campaign Feb 19 2014 (current_events.rules)
2018283 - ET TROJAN Possible Netwire RAT Client HeartBeat C2 (trojan.rules)
2018323 - ET MALWARE W32/Linkular.Adware Successful Install Beacon (2) (malware.rules)
2018345 - ET TROJAN W32/SpeedingUpMyPC.Rootkit Successful Install GET Type CnC Beacon (trojan.rules)
2804241 - ETPRO TROJAN Unknown Trojan Checkin id= mac= (trojan.rules)
2804446 - ETPRO TROJAN Win32/Votead Checkin (trojan.rules)
2806313 - ETPRO TROJAN Win32/Injector.AEDM Checkin (trojan.rules)
2806880 - ETPRO TROJAN Suspicious HTTP Referer artifact.exe at drive C (trojan.rules)
[///] Modified inactive rules: [///]

2010500 - ET MALWARE Executable purporting to be .txt file with no Referer - Likely Malware (malware.rules)
2010501 - ET MALWARE Executable purporting to be .cfg file with no Referer - Likely Malware (malware.rules)
[---] Removed rules: [---]

2018020 - ET TROJAN Win32.WinSpy.pob Sending Data over SMTP 2 (trojan.rules)
2018251 - ET TROJAN Havex Rat Check-in URI Struct (trojan.rules)
2405089 - ET CNC Shadowserver Reported CnC Server Port 58914 Group 1 (botcc.portgrouped.rules)
2806408 - ETPRO TROJAN Win32/Banload.AHA Sending SPAM (trojan.rules)
Date: Sunday, April 13, 2014 - 22:00