[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Thu Mar 27 17:00:09 EDT 2008


[***] Results from Oinkmaster started Thu Mar 27 17:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2008058 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443 (bleeding-virus.rules)
 2008059 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 port 443 (bleeding-virus.rules)
 2008060 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response port 443 (bleeding-virus.rules)
 2008061 - ET TROJAN LDPinch Checkin (4) (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2006435 - ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool (bleeding-scan.rules)
 2006546 - ET SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack! (bleeding-scan.rules)
 2007962 - ET TROJAN Vipdataend C&C Traffic - Checkin (bleeding-virus.rules)
 2008056 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (4):
        2008058 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443
        2008059 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 port 443
        2008060 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response port 443
        2008061 || ET TROJAN LDPinch Checkin (4)

     -> Added to bleeding-sid-msg.map.txt (4):
        2008058 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443
        2008059 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 port 443
        2008060 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response port 443
        2008061 || ET TROJAN LDPinch Checkin (4)

     -> Added to bleeding-virus.rules (1):
        #also seeing the same on 443




