[Emerging-Sigs] Daily Ruleset Update Summary 09/03/2014

Francis Trudeau ftrudeau at emergingthreats.net
Wed Sep 3 18:27:28 EDT 2014


 [***] Summary: [***]

 6 new Open signatures, 19 new Pro (13+6).  Abuse.ch SSL blacklist,
Dyre, Upatre, Various Android.

 Thanks:  @abuse_ch

 [+++]          Added rules:          [+++]

 Open:

  2019104 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 3 2014 (current_events.rules)
  2019105 - ET CURRENT_EVENTS Possible Upatre SSL Cert bluehost.com Aug 27 2014 (current_events.rules)
  2019106 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019107 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019108 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019109 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)

 Pro:

  2808723 - ETPRO MALWARE Win32/DomaIQ Checkin 2 (malware.rules)
  2808724 - ETPRO MOBILE_MALWARE Android/Crosate.D Checkin (mobile_malware.rules)
  2808725 - ETPRO MOBILE_MALWARE Android/Crosate.D Checkin 2 (mobile_malware.rules)
  2808726 - ETPRO TROJAN Win32.Dunik Checkin (trojan.rules)
  2808727 - ETPRO MALWARE Win32.Dapato Checkin (malware.rules)
  2808728 - ETPRO MALWARE Win32/Adware.AllSum Checkin (malware.rules)
  2808729 - ETPRO WEB_SPECIFIC_APPS ABE fingerprinting request (web_specific_apps.rules)
  2808730 - ETPRO TROJAN Win32/Spy.Banker.AAXV Retrieving Key (trojan.rules)
  2808731 - ETPRO TROJAN Win32.QQPass.abvu Retrieving key from Pinterest (trojan.rules)
  2808732 - ETPRO TROJAN Win32/Comame Checkin (trojan.rules)
  2808733 - ETPRO TROJAN Win32/Wobotork.A Checkin (trojan.rules)
  2808734 - ETPRO MALWARE PUA.DNWRandomHack Checkin (malware.rules)
  2808735 - ETPRO TROJAN Backdoor.Backtor DNS lookup Sep 03, 2014 (trojan.rules)


 [///]     Modified active rules:     [///]

  2018451 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing May 05 2014 (current_events.rules)
  2018459 - ET WEB_SERVER SUSPICIOUS Possible WebShell Login Form (Outbound) (web_server.rules)
  2018595 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing May 23 2014 (current_events.rules)
  2807474 - ETPRO TROJAN Miniduke Checkin 2 (trojan.rules)
  2807926 - ETPRO TROJAN Trojan-Ransom.Win32.PornoAsset Checkin (trojan.rules)
  2808034 - ETPRO TROJAN Worm.Win32.Marag.f Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2403368 - ET CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules)
  2403369 - ET CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules)
  2403370 - ET CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules)
  2403371 - ET CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules)
  2803586 - ETPRO TROJAN Variant.Buzy.1519 Download Freezone Search (trojan.rules)

