This past week's Microsoft MSRT push contains detections/removals for several widely used APT tools. The coalition (led by Novetta) that brought about the inclusion of these tools in this month's MSRT is encouraging enterprises to push/execute this month's MSRT update. A preliminary report on some of the malware included in this month's MSRT update is posted here.
If you are using either Snort or Sourcefire, the rule IDs that detect some of the threats/families in this month's MSRT release are listed below. The rules can be downloaded from Snort or through a Sourcefire VRT subscription.
Derusbi -- 20080
Fexel -- 29459
Hikit -- 30948
DeputyDog -- 28493
Hydraq -- 16368, 21304
DarkMoon -- 7816, 7815, 7814, 7813, 12715, 12724
Zxshell -- 32180, 32181
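
To confirm a sensor actually has these rules loaded and enabled, the following added example (not part of the original post) checks a Snort rules file against the SIDs listed above. It assumes one rule per line and that disabled rules are commented out with a leading "#"; the sample rules are constructed placeholders, not real VRT rule text.

```python
import re

# Rule IDs exactly as listed in the post (family -> Snort SIDs).
MSRT_SIDS = {
    "Derusbi": [20080],
    "Fexel": [29459],
    "Hikit": [30948],
    "DeputyDog": [28493],
    "Hydraq": [16368, 21304],
    "DarkMoon": [7816, 7815, 7814, 7813, 12715, 12724],
    "Zxshell": [32180, 32181],
}
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# Assumption: a disabled rule is the same line prefixed with "#".
RULE_RE = re.compile(r"^(#\s*)?(alert|log|pass|drop|reject|sdrop)\s")

def sid_states(rule_lines):
    """Map each SID found to 'enabled' or 'disabled'; an enabled copy wins."""
    states = {}
    for line in rule_lines:
        line = line.strip()
        m, sid = RULE_RE.match(line), SID_RE.search(line)
        if not m or not sid:
            continue  # comment text, blank line, or not a rule
        key = int(sid.group(1))
        if states.get(key) != "enabled":
            states[key] = "disabled" if m.group(1) else "enabled"
    return states

def coverage(rule_lines, wanted=MSRT_SIDS):
    """Per family, list which SIDs are enabled, disabled, or missing."""
    states = sid_states(rule_lines)
    return {
        family: {
            "enabled": [s for s in sids if states.get(s) == "enabled"],
            "disabled": [s for s in sids if states.get(s) == "disabled"],
            "missing": [s for s in sids if s not in states],
        }
        for family, sids in wanted.items()
    }

# Constructed sample rules (placeholder bodies, for illustration only).
SAMPLE_RULES = """\
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed Derusbi rule"; sid:20080; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed Hikit rule"; sid:30948; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed Hydraq rule"; sid:16368; rev:1;)
""".splitlines()

if __name__ == "__main__":
    for family, result in coverage(SAMPLE_RULES).items():
        print(family, result)
```

To run it against a real ruleset, pass the lines of the rules file to coverage() in place of SAMPLE_RULES.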
[1] http://blogs.technet.com/b/mmpc/archive/2014/10/14/msrt-october-2014-hikiti.aspx
[2] http://www.microsoft.com/security/pc-security/malware-removal.aspx
[3] http://novetta.com/commercial/news/resources/
[4] https://www.snort.org/downloads/#rule-downloads