[Emerging-Sigs] Daily Ruleset Update Summary 09/16/2014

Francis Trudeau ftrudeau at emergingthreats.net
Tue Sep 16 17:38:17 EDT 2014


 [***] Summary: [***]

 9 new Open signatures, 19 new Pro (9+10).  Fiesta EK, Hupigon,
Various Android, Dyre SSL certs.

 Thanks:  tdzmont, Kevin Ross and @MalwareSigs

 [+++]          Added rules:          [+++]

 Open:

  2019178 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 16 2014 (current_events.rules)
  2019179 - ET TROJAN MSIL/Spy.RapidStealer.B Checkin (trojan.rules)
  2019180 - ET CURRENT_EVENTS Malvertising Leading to EK Aug 19 2014 M4 (current_events.rules)
  2019181 - ET CURRENT_EVENTS Possible Android CVE-2014_6041 (current_events.rules)
  2019182 - ET WEB_SERVER HTTP POST Generic eval of base64_decode (web_server.rules)
  2019183 - ET CURRENT_EVENTS Fiesta EK Gate (current_events.rules)
  2019184 - ET CURRENT_EVENTS Fiesta EK Silverlight Based Redirect (current_events.rules)
  2019185 - ET CURRENT_EVENTS Nuclear EK Gate Sep 16 2014 (current_events.rules)
  2019186 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 16 2014 (current_events.rules)

 Pro:

  2808815 - ETPRO TROJAN Trojan.Rontokbro C2 (trojan.rules)
  2808816 - ETPRO TROJAN Win32/Cendelf.gen!A Dropping Files (trojan.rules)
  2808817 - ETPRO TROJAN Win32.Chifrax Variant C2 (trojan.rules)
  2808818 - ETPRO MALWARE Riskware/EliteKeylogger checkin (malware.rules)
  2808819 - ETPRO TROJAN Win32.Hupigon.cbtep Checkin (trojan.rules)
  2808820 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.aq Checkin (mobile_malware.rules)
  2808821 - ETPRO TROJAN Win32.IRCBot Variant C2 (trojan.rules)
  2808822 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Checkin 4 (mobile_malware.rules)
  2808823 - ETPRO TROJAN Gozi/Ursnif/Papras SSL Cert (trojan.rules)
  2808824 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Stealer.a Checkin 3 (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2017667 - ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05 2013 (current_events.rules)
  2018979 - ET TROJAN Miras C2 Activity (trojan.rules)
  2019143 - ET MALWARE PUP Win32.SoftPulse Retrieving data (malware.rules)
  2805882 - ETPRO MOBILE_MALWARE Android/JSmsHider.B Checkin (mobile_malware.rules)
  2806877 - ETPRO MOBILE_MALWARE Android/TheftSpy.C Checkin (mobile_malware.rules)
  2808670 - ETPRO TROJAN POSCARDSTEALER.Q Checkin (trojan.rules)
  2808791 - ETPRO TROJAN Win32/Xymne Checkin (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2018171 - ET CURRENT_EVENTS Angler Landing Page Feb 24 2014 (current_events.rules)


 [---]         Removed rules:         [---]

  2805319 - ETPRO NETBIOS Microsoft Remote Administration Protocol Windows XP NetServerEnum API Heap Buffer Overflow (netbios.rules)

