[Emerging-Sigs] Daily Ruleset Update Summary 09/15/2014

Francis Trudeau ftrudeau at emergingthreats.net
Mon Sep 15 18:29:52 EDT 2014


 [***] Summary: [***]

 6 new Open signatures, 10 new Pro (6+4).  Linux.DDoS, SpyEyes.arbc, iOS/AppBuyer.

 Thanks:  @kafeine

 [+++]          Added rules:          [+++]

 Open:

  2019172 - ET TROJAN Linux.DDoS Checkin (trojan.rules)
  2019173 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 15 2014 (current_events.rules)
  2019174 - ET MOBILE_MALWARE iOS/AppBuyer Checkin 1 (mobile_malware.rules)
  2019175 - ET MOBILE_MALWARE iOS/AppBuyer Checkin 2 (mobile_malware.rules)
  2019176 - ET CURRENT_EVENTS Possible Astrum EK URI Struct (current_events.rules)
  2019177 - ET TROJAN Linux/AES.DDoS Sending Real/Fake CPU&BW Info (trojan.rules)

 Pro:

  2808810 - ETPRO TROJAN Win32/LightMoon variant C2 (trojan.rules)
  2808811 - ETPRO TROJAN Win32.SpyEyes.arbc Checkin 1 (trojan.rules)
  2808812 - ETPRO TROJAN Win32.SpyEyes.arbc Checkin 2 (trojan.rules)
  2808814 - ETPRO TROJAN Backdoor.Nitol Checkin Response (trojan.rules)


 [///]     Modified active rules:     [///]

  2002997 - ET WEB_SERVER PHP Remote File Inclusion (monster list http) (web_server.rules)
  2013328 - ET CURRENT_EVENTS DNS Query for Known Hostile Domain gooqlepics com (current_events.rules)
  2014560 - ET CURRENT_EVENTS Modified Metasploit Jar (current_events.rules)
  2014797 - ET CURRENT_EVENTS ZeuS Ransomware win_unlock (current_events.rules)
  2014929 - ET CURRENT_EVENTS Request to .in FakeAV Campaign June 19 2012 exe or zip (current_events.rules)
  2019130 - ET CURRENT_EVENTS Astrum EK Landing (current_events.rules)
  2019131 - ET CURRENT_EVENTS Astrum EK Landing (current_events.rules)
  2019168 - ET TROJAN Tinba Checkin (trojan.rules)
  2807580 - ETPRO TROJAN Backdoor.Win32/Hupigon.FI Checkin 2 (trojan.rules)
  2808397 - ETPRO TROJAN Gozi/Ursnif/Papras Connectivity Check (trojan.rules)


 [///]    Modified inactive rules:    [///]

  2008042 - ET TROJAN Hupigon CnC Data Post (variant abb) (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2016801 - ET CURRENT_EVENTS Nuclear landing with obfuscated plugindetect Apr 29 2013 (current_events.rules)
  2803129 - ETPRO TROJAN Palevo CnC Response (trojan.rules)


 [---]         Removed rules:         [---]

  2008041 - ET TROJAN Hupigon CnC init (variant abb) (trojan.rules)
  2808588 - ETPRO TROJAN Linux.DDoS Checkin (trojan.rules)

