[Emerging-Sigs] Daily Ruleset Update Summary 09/02/2014

Francis Trudeau ftrudeau at emergingthreats.net
Tue Sep 2 20:17:28 EDT 2014


 [***] Summary: [***]

 4 new Open signatures, 16 new Pro (4+12).  FlashPack, OneLouder,
Various Android, Sality.AM.

 Thanks:  @EKWatcher

 [+++]          Added rules:          [+++]

 Open:

  2019100 - ET CURRENT_EVENTS FlashPack EK Redirect Sept 01 2014
(current_events.rules)
  2019101 - ET POLICY Radmin Remote Control Session Setup Initiate
OUTBOUND (policy.rules)
  2019102 - ET DOS Possible SSDP Amplification Scan in Progress (dos.rules)
  2019103 - ET CURRENT_EVENTS OneLouder EXE download possibly
installing Zeus P2P (current_events.rules)

 Pro:

  2808711 - ETPRO TROJAN W32/VBCheMan.A Checkin 2 (trojan.rules)
  2808712 - ETPRO TROJAN Trojan.Win32.Spy uploading screenshots (trojan.rules)
  2808713 - ETPRO MALWARE Win32.Adware.Malplayer.Auto Checkin (malware.rules)
  2808714 - ETPRO MALWARE PUP Win32/4Shared.X Checkin (malware.rules)
  2808715 - ETPRO TROJAN Win32/Sality.AM GET Request (trojan.rules)
  2808716 - ETPRO TROJAN Win32.Downloader.aCm checkin (trojan.rules)
  2808717 - ETPRO EXPLOIT Netcore Router Backdoor Usage (exploit.rules)
  2808718 - ETPRO TROJAN Backdoor.Win32/Turla.A Checkin (trojan.rules)
  2808719 - ETPRO TROJAN Win32.Virut.ua Dropping Files (trojan.rules)
  2808720 - ETPRO MOBILE_MALWARE Android/Univert.B Checkin
(mobile_malware.rules)
  2808721 - ETPRO MOBILE_MALWARE Android/Tekwon.A Checkin 2
(mobile_malware.rules)
  2808722 - ETPRO MOBILE_MALWARE Android/Tekwon.A Checkin 3
(mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2017936 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 12 (trojan.rules)
  2018141 - ET TROJAN Possible Compromised Host Sinkhole Cookie Value
Snkz (trojan.rules)
  2018143 - ET TROJAN Backdoor.Win32.Popwin Checkin (trojan.rules)
  2018315 - ET WEB_CLIENT Microsoft Rich Text File .RTF File download
with invalid listoverridecount (web_client.rules)
  2018983 - ET CURRENT_EVENTS Probable OneLouder downloader (Zeus P2P)
(current_events.rules)
  2019005 - ET CURRENT_EVENTS FlashPack EK Redirect Aug 25 2014
(current_events.rules)
  2807636 - ETPRO TROJAN Trojan-Banker.Win32.Agent.ree Checkin (trojan.rules)
  2808340 - ETPRO MALWARE PUP Win32/4Shared.U Checkin (malware.rules)
  2808658 - ETPRO CURRENT_EVENTS FlashPack URI Struct Thread 1
Specific (current_events.rules)
  2808659 - ETPRO CURRENT_EVENTS FlashPack URI Struct Thread 2
Specific (current_events.rules)
  2808697 - ETPRO MOBILE_MALWARE Android/AndroRAT.B Checkin
(mobile_malware.rules)


 [///]    Modified inactive rules:    [///]

  2011367 - ET SCAN Malformed Packet SYN FIN (scan.rules)
  2011368 - ET SCAN Malformed Packet SYN RST (scan.rules)


 [---]         Disabled rules:        [---]

  2801295 - ETPRO WEB_SERVER Known Fraudulent UA inbound Likely Trojan
(web_server.rules)


 [---]         Removed rules:         [---]

  2001445 - ET MALWARE PeopleOnPage Install (malware.rules)
  2007634 - ET TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Search by md5 (trojan.rules)
  2007635 - ET TROJAN Storm Worm Encrypted Traffic Inbound - Likely
Connect Ack (trojan.rules)
  2007636 - ET TROJAN Storm Worm Encrypted Traffic Inbound - Likely
Search by md5 (trojan.rules)
  2007637 - ET TROJAN Storm Worm Encrypted Traffic Outbound - Likely
Connect Ack (trojan.rules)
  2010262 - ET TROJAN WindowsEnterpriseSuite FakeAV Dynamic User-Agent
(trojan.rules)
  2405070 - ET CNC Shadowserver Reported CnC Server Port 38294 Group 1
(botcc.portgrouped.rules)
  2405071 - ET CNC Shadowserver Reported CnC Server Port 54321 Group 1
(botcc.portgrouped.rules)
  2405072 - ET CNC Shadowserver Reported CnC Server Port 58914 Group 1
(botcc.portgrouped.rules)
  2800361 - ETPRO MALWARE aSpy v2.12 (malware.rules)
  2800387 - ETPRO MALWARE SynRat 2.1 Pro (init connection) (malware.rules)
  2800388 - ETPRO MALWARE SynRat 2.1 Pro (malware.rules)
  2800681 - ETPRO DOS Veritas Backup Exec Agent Error Status Null
Dereference Pre-Auth (dos.rules)
  2800784 - ETPRO EXPLOIT UltraVNC VNCLog Buffer Overflow (exploit.rules)
  2800813 - ETPRO MALWARE Trojan.Win32.Slagent Connection Test (malware.rules)
  2808665 - ETPRO MALWARE KopHack Checkin (malware.rules)

