[Emerging-Sigs] Daily Ruleset Update Summary 09/04/2014

Francis Trudeau ftrudeau at emergingthreats.net
Thu Sep 4 19:15:46 EDT 2014


 [***] Summary: [***]

 12 new Open signatures, 16 new Pro (12+4).  Various Linux, Abuse.ch
SSL blacklist, HighTide, Threebyte, Waterspout.

 Thanks:  Kevin Ross, Jake Warren, @abuse_ch, @EKWatcher and @kafeine.

 [+++]          Added rules:          [+++]

 Open:

  2019110 - ET WEB_SERVER Likely Malicious Request for /proc/self/fd/ (web_server.rules)
  2019111 - ET WEB_CLIENT Malicious iframe guessing router password 1 (web_client.rules)
  2019112 - ET WEB_CLIENT Malicious iframe guessing router password 2 (web_client.rules)
  2019113 - ET TROJAN HighTide trojan Checkin (trojan.rules)
  2019114 - ET TROJAN W32/Threebyte.APT Checkin (trojan.rules)
  2019115 - ET TROJAN W32/Waterspout.APT Backdoor CnC Beacon (trojan.rules)
  2019117 - ET CURRENT_EVENTS Possible Double Flated Encoded Inbound Malicious PDF (current_events.rules)
  2019118 - ET CURRENT_EVENTS Possible Double Flated Encoded Inbound Malicious PDF (current_events.rules)
  2019119 - ET CURRENT_EVENTS Possible Double Flated Encoded Inbound Malicious PDF (current_events.rules)
  2019120 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019121 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Upatre C2) (trojan.rules)
  2019122 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)

 Pro:

  2808736 - ETPRO TROJAN Backdoor.Comdinter Checkin (trojan.rules)
  2808737 - ETPRO TROJAN Backdoor.Tsunami Download (trojan.rules)
  2808739 - ETPRO TROJAN Backdoor.Linux.Ganiw.a C2 (trojan.rules)
  2808740 - ETPRO TROJAN ELF/Flooder-CA Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2009481 - ET SCAN Grendel-Scan Web Application Security Scan Detected (scan.rules)
  2013730 - ET SCADA PcVue Activex Control Insecure method (AddPage) (scada.rules)
  2013731 - ET SCADA PcVue Activex Control Insecure method (DeletePage) (scada.rules)
  2017666 - ET CURRENT_EVENTS Nuclear EK JAR URI Struct Nov 05 2013 (current_events.rules)
  2019078 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Aug 27 2014 (current_events.rules)
  2805895 - ETPRO SCADA Possible Siemens SIMATIC RF Manager ActiveX Control Buffer Overflow 2 (scada.rules)
  2808252 - ETPRO TROJAN W32.Injector.13824.C config update pull (trojan.rules)
  2808608 - ETPRO MOBILE_MALWARE Android.Riskware.SMSPay.AO Checkin 3 (mobile_malware.rules)
  2808658 - ETPRO CURRENT_EVENTS FlashPack URI Struct Thread 1 Specific (current_events.rules)


 [///]    Modified inactive rules:    [///]

  2000418 - ET POLICY Executable and linking format (ELF) file download (policy.rules)

