[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Wed Oct 17 20:00:25 EDT 2007


[***] Results from Oinkmaster started Thu Oct 18 00:00:25 2007 [***]

[---]         Disabled rules:        [---]

 2007640 - BLEEDING-EDGE TROJAN Storm Making initial outbound connection (bleeding-virus.rules)
 2007641 - BLEEDING-EDGE TROJAN Storm Controller Response to Drone via tcp (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (42):
        2500909 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (910) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500910 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (911) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500911 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (912) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500912 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (913) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500913 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (914) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500914 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (915) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500915 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (916) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500916 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (917) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500917 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (918) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500918 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (919) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500919 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (920) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500920 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (921) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500921 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (922) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500922 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (923) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500923 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (924) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500924 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (925) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500925 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (926) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500926 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (927) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500927 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (928) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500928 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (929) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500929 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (930) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510909 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (910) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510910 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (911) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510911 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (912) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510912 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (913) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510913 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (914) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510914 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (915) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510915 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (916) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510916 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (917) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510917 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (918) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510918 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (919) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510919 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (920) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510920 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (921) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510921 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (922) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510922 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (923) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510923 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (924) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510924 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (925) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510925 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (926) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510926 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (927) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510927 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (928) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510928 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (929) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510929 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (930) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding-virus.rules (1):
        #temporarily disabling for falses




