[Emerging-Sigs] Daily Ruleset Update Summary 09/11/2014

Francis Trudeau ftrudeau at emergingthreats.net
Thu Sep 11 17:00:02 EDT 2014


 [***] Status: [***]

 9 new Open signatures, 23 new Pro (9+14).  DecebalPOS, JackPOS, Various Android.

 Thanks:  Kevin Ross.


 [+++]          Added rules:          [+++]

 Open:

  2019158 - ET TROJAN Possible Malicious Invoice EXE (trojan.rules)
  2019159 - ET TROJAN TSPY_POCARDL.U Possible FTP Login (trojan.rules)
  2019160 - ET TROJAN DecebalPOS Checkin (trojan.rules)
  2019161 - ET TROJAN DecebalPOS User-Agent (trojan.rules)
  2019162 - ET TROJAN Win.Trojan.Chewbacca connectivity check (trojan.rules)
  2019163 - ET TROJAN JackPOS Checkin (trojan.rules)
  2019164 - ET TROJAN JackPOS XOR Encoded HTTP Client Body (key AA) (trojan.rules)
  2019165 - ET TROJAN Possible Banload Downloading Executable (trojan.rules)
  2019166 - ET TROJAN Stobox Connectivity Check (trojan.rules)

 Pro:

  2808791 - ETPRO TROJAN Win32/Xymne Checkin (trojan.rules)
  2808792 - ETPRO TROJAN Win32/FlyAgent variant MYSQL C2 (trojan.rules)
  2808793 - ETPRO TROJAN Win32.Androm.cxb Requesting PE (trojan.rules)
  2808794 - ETPRO TROJAN Win32.Weelsof.qko Possible Connectivity Check wikipedia.org (trojan.rules)
  2808796 - ETPRO TROJAN W32/Magania.IDPJ C2 (trojan.rules)
  2808797 - ETPRO TROJAN Trojan-PSW.Reedum FTP password (trojan.rules)
  2808798 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Vidma.a Checkin (mobile_malware.rules)
  2808799 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.LJ Checkin (mobile_malware.rules)
  2808800 - ETPRO TROJAN Win32.Llac.bbeh downloading files (trojan.rules)
  2808801 - ETPRO TROJAN Win32.Reconyc Checkin (trojan.rules)
  2808802 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Zedat.a Checkin (mobile_malware.rules)
  2808803 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.DB Checkin (mobile_malware.rules)
  2808804 - ETPRO TROJAN Win32/Cendelf.gen!A connectivity check (trojan.rules)


 [///]     Modified active rules:     [///]

  2001998 - ET MALWARE UCMore Spyware Downloading Ads (malware.rules)
  2002763 - ET TROJAN Dumador Reporting User Activity (trojan.rules)
  2003058 - ET MALWARE 180solutions (Zango) Spyware Installer Download (malware.rules)
  2018912 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2806306 - ETPRO TROJAN Trojan-PSW.Reedum FTP long Port (LPRT) (trojan.rules)
  2808760 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4087 (web_client.rules)
  2808761 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4088 (web_client.rules)
  2808764 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4094 (web_client.rules)

