[Emerging-Sigs] Daily Ruleset Update Summary 09/08/2014

Francis Trudeau ftrudeau at emergingthreats.net
Mon Sep 8 17:47:20 EDT 2014


 [***] Summary: [***]

 11 new Open signatures, 21 new Pro (11+10).  Abuse.ch SSL blacklist,
Battdil.B, Flashpack EK, Zbot.

 Thanks:  Patrick Olsen, @abuse_ch

 [+++]          Added rules:          [+++]

 Open:

  2009809 - ET MALWARE Generic/Unknown Downloader Config to client (malware.rules)
  2019130 - ET CURRENT_EVENTS Unknown EK Landing (current_events.rules)
  2019131 - ET CURRENT_EVENTS Unknown EK Landing (current_events.rules)
  2019134 - ET CURRENT_EVENTS Flashpack Redirect Method 2 (current_events.rules)
  2019135 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019136 - ET TROJAN APT OSX.XSLCmd CnC Beacon (trojan.rules)
  2019137 - ET WEB_SPECIFIC_APPS Possible WP CuckooTap Arbitrary File Download (web_specific_apps.rules)
  2019138 - ET TROJAN Win32/Poweliks GET Request (trojan.rules)
  2019139 - ET WEB_SPECIFIC_APPS WordPress Huge IT Image Gallery 1.0.0 SQL Injection (web_specific_apps.rules)
  2019140 - ET POLICY External IP Lookup maxmind.com (policy.rules)
  2019141 - ET TROJAN Zbot POST Request to C2 (trojan.rules)

 Pro:

  2808745 - ETPRO TROJAN Win32/Battdil.B SSL Cert 1 (trojan.rules)
  2808746 - ETPRO TROJAN Win32/Battdil.B SSL Cert 2 (trojan.rules)
  2808747 - ETPRO MOBILE_MALWARE Android/Tekwon.A Checkin 4 (mobile_malware.rules)
  2808748 - ETPRO TROJAN Win32/Picazen.A Dropping Files (trojan.rules)
  2808749 - ETPRO TROJAN Win32/Battdil.B SSL Cert 3 (trojan.rules)
  2808750 - ETPRO CURRENT_EVENTS Flashpack EK Thread 3 Sep 05 2014 (current_events.rules)
  2808751 - ETPRO TROJAN Win32.Yakes.fvbs Checkin (trojan.rules)
  2808752 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.MTK.e Checkin (mobile_malware.rules)
  2808753 - ETPRO TROJAN Win32.Biruleibi Checkin (trojan.rules)
  2808754 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Krosec.a Checkin (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2002910 - ET SCAN Potential VNC Scan 5800-5820 (scan.rules)
  2002911 - ET SCAN Potential VNC Scan 5900-5920 (scan.rules)
  2018368 - ET MALWARE W32/PullUpdate.Adware CnC Beacon (malware.rules)
  2018958 - ET TROJAN Worm.Win32.Vobfus Checkin 3 (trojan.rules)
  2019074 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
  2019078 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Aug 27 2014 (current_events.rules)
  2808043 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ao / Cardbuyer Checkin (mobile_malware.rules)


 [///]    Modified inactive rules:    [///]

  2003022 - ET CHAT Skype Bootstrap Node (udp) (chat.rules)
  2009414 - ET DOS Large amount of TCP ZeroWindow - Possible Nkiller2 DDos attack (dos.rules)


 [---]         Removed rules:         [---]

  2001312 - ET MALWARE Rdxrp.com Traffic (Generic) (malware.rules)
  2009809 - ET TROJAN Generic/Unknown Downloader Config to client (trojan.rules)
  2803566 - ETPRO MALWARE zugobingtoolbar Install (malware.rules)

