[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Thu Oct 11 20:00:15 EDT 2007


[***] Results from Oinkmaster started Fri Oct 12 00:00:15 2007 [***]

[+++]          Added rules:          [+++]

 2007632 - BLEEDING-EDGE TROJAN Possible Gozi Trojan Checkin (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2003286 - BLEEDING-EDGE MALWARE SOCKSv5 UDP Proxy Inbound Connect Request (Windows Source) (bleeding-malware.rules)
 2003287 - BLEEDING-EDGE MALWARE SOCKSv5 UDP Proxy Inbound Connect Request (Linux Source) (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (85):
        2007632 || BLEEDING-EDGE TROJAN Possible Gozi Trojan Checkin || url,www.secureworks.com/research/threats/gozi
        2500724 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (725) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500725 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (726) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500726 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (727) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500727 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (728) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500728 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (729) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500729 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (730) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500730 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (731) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500731 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (732) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500732 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (733) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500733 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (734) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500734 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (735) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500735 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (736) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500736 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (737) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500737 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (738) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500738 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (739) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500739 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (740) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500740 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (741) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500741 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (742) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500742 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (743) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500743 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (744) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500744 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (745) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500745 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (746) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500746 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (747) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500747 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (748) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500748 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (749) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500749 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (750) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500750 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (751) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500751 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (752) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500752 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (753) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500753 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (754) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500754 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (755) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500755 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (756) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500756 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (757) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500757 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (758) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500758 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (759) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500759 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (760) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500760 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (761) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500761 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (762) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500762 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (763) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500763 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (764) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500764 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (765) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500765 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (766) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510724 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (725) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510725 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (726) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510726 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (727) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510727 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (728) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510728 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (729) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510729 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (730) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510730 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (731) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510731 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (732) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510732 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (733) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510733 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (734) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510734 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (735) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510735 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (736) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510736 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (737) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510737 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (738) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510738 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (739) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510739 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (740) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510740 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (741) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510741 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (742) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510742 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (743) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510743 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (744) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510744 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (745) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510745 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (746) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510746 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (747) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510747 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (748) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510748 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (749) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510749 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (750) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510750 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (751) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510751 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (752) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510752 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (753) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510753 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (754) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510754 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (755) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510755 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (756) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510756 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (757) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510757 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (758) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510758 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (759) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510759 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (760) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510760 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (761) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510761 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (762) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510762 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (763) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510763 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (764) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510764 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (765) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510765 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (766) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding-virus.rules (1):
        #by Cees Elzinga




