[Emerging-Sigs] Daily Ruleset Update Summary 09/10/2014

Francis Trudeau ftrudeau at emergingthreats.net
Wed Sep 10 17:09:28 EDT 2014


 [***] Summary: [***]

 11 new Open signatures, 24 new Pro (11+13).  Abuse.ch SSL Blacklist,
Sweet Orange EK, Crilock.D, Various Android.

 Thanks:  Kevin Ross, Jake Warren, @abuse_ch, @EKwatcher.

 [+++]          Added rules:          [+++]

 Open:

  2019146 - ET CURRENT_EVENTS Sweet Orange CDN Gate Sept 09 2014 Method 2 (current_events.rules)
  2019147 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019148 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019149 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019150 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019151 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019152 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019153 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019154 - ET CURRENT_EVENTS Sweet Orange EK Java Exploit (current_events.rules)
  2019155 - ET TROJAN Possible Zeus GameOver Connectivity Check 2 (trojan.rules)
  2019156 - ET MALWARE W32/Kyle Malvertising.Dropper CnC Beacon (malware.rules)
  2019157 - ET WEB_SPECIFIC_APPS Webmin Directory Traversal (web_specific_apps.rules)

 Pro:

  2808778 - ETPRO TROJAN Win32/Malagent!gmb connectivity check (trojan.rules)
  2808779 - ETPRO TROJAN Win32.Wemosis.ia Checkin (trojan.rules)
  2808780 - ETPRO WEB_SPECIFIC_APPS WordPress config.php in HTTP response (web_specific_apps.rules)
  2808781 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.AL Checkin (mobile_malware.rules)
  2808782 - ETPRO TROJAN Win32/Crilock.D SSL connection (trojan.rules)
  2808783 - ETPRO TROJAN Win32/Crilock.D SSL Cert (trojan.rules)
  2808784 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Hippo.Q Checkin (mobile_malware.rules)
  2808785 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.dc Checkin (mobile_malware.rules)
  2808786 - ETPRO TROJAN Win32/Pitou.A Checkin (trojan.rules)
  2808787 - ETPRO TROJAN SpyEye Checkin version unknown (trojan.rules)
  2808788 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fb Checkin (mobile_malware.rules)
  2808789 - ETPRO MALWARE AdWare.Win32.EoRezo SSL Cert (malware.rules)
  2808790 - ETPRO MOBILE_MALWARE Android/Netisend.A Checkin 2 (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2016450 - ET TROJAN Backdoor.Win32/Likseput.A Checkin (trojan.rules)
  2019085 - ET EXPLOIT Metasploit FireFox WebIDL Privileged Javascript Injection (exploit.rules)
  2803980 - ETPRO TROJAN Backdoor.Win32.Salamdom!IK Checkin 2 (trojan.rules)
  2804876 - ETPRO TROJAN Win32/Coswid.A Checkin (trojan.rules)
  2807145 - ETPRO TROJAN Backdoor.Win32.Simda.abpn Checkin (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2017005 - ET CURRENT_EVENTS Possible Microsoft Office PNG overflow attempt invalid tEXt chunk length (current_events.rules)
  2807027 - ETPRO TROJAN Win32/Meredrop Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2008597 - ET SCAN Cisco Torch SNMP Scan (scan.rules)
  2014748 - ET CURRENT_EVENTS RedKit Repeated Exploit Request Pattern (current_events.rules)
  2015851 - ET CURRENT_EVENTS Georgian Targeted Attack - Client Request (current_events.rules)
  2015852 - ET CURRENT_EVENTS Georgian Targeted Attack - Server Response (current_events.rules)
  2016405 - ET CURRENT_EVENTS CoolEK - PDF Exploit - Feb 12 2013 (current_events.rules)
  2018703 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)

