[Emerging-Sigs] Daily Ruleset Update Summary 09/16/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Sep 16 17:49:00 EDT 2014


Also thanks to Jaime Blasco for 2019181 - ET CURRENT_EVENTS Possible
Android CVE-2014_6041. Sorry about that Jaime, that's my bad. :)..

Regards,

Will

On Tue, Sep 16, 2014 at 4:38 PM, Francis Trudeau <
ftrudeau at emergingthreats.net> wrote:

>  [***] Summary: [***]
>
>  9 new Open signatures, 19 new Pro (9+10).  Fiesta EK, Hupigon,
> Various Android, Dyre SSL certs.
>
>  Thanks:  tdzmont, Kevin Ross and @MalwareSigs
>
>  [+++]          Added rules:          [+++]
>
>  Open:
>
>   2019178 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 16 2014
> (current_events.rules)
>   2019179 - ET TROJAN MSIL/Spy.RapidStealer.B Checkin (trojan.rules)
>   2019180 - ET CURRENT_EVENTS Malvertising Leading to EK Aug 19 2014
> M4 (current_events.rules)
>   2019181 - ET CURRENT_EVENTS Possible Android CVE-2014_6041
> (current_events.rules)
>   2019182 - ET WEB_SERVER HTTP POST Generic eval of base64_decode
> (web_server.rules)
>   2019183 - ET CURRENT_EVENTS Fiesta EK Gate (current_events.rules)
>   2019184 - ET CURRENT_EVENTS Fiesta EK Silverlight Based Redirect
> (current_events.rules)
>   2019185 - ET CURRENT_EVENTS Nuclear EK Gate Sep 16 2014
> (current_events.rules)
>   2019186 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 16 2014
> (current_events.rules)
>
>  Pro:
>
>   2808815 - ETPRO TROJAN Trojan.Rontokbro C2 (trojan.rules)
>   2808816 - ETPRO TROJAN Win32/Cendelf.gen!A Dropping Files (trojan.rules)
>   2808817 - ETPRO TROJAN Win32.Chifrax Variant C2 (trojan.rules)
>   2808818 - ETPRO MALWARE Riskware/EliteKeylogger checkin (malware.rules)
>   2808819 - ETPRO TROJAN Win32.Hupigon.cbtep Checkin (trojan.rules)
>   2808820 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.aq Checkin
> (mobile_malware.rules)
>   2808821 - ETPRO TROJAN Win32.IRCBot Variant C2 (trojan.rules)
>   2808822 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a
> Checkin 4 (mobile_malware.rules)
>   2808823 - ETPRO TROJAN Gozi/Ursnif/Papras SSL Cert (trojan.rules)
>   2808824 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Stealer.a
> Checkin 3 (mobile_malware.rules)
>
>
>  [///]     Modified active rules:     [///]
>
>   2017667 - ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05
> 2013 (current_events.rules)
>   2018979 - ET TROJAN Miras C2 Activity (trojan.rules)
>   2019143 - ET MALWARE PUP Win32.SoftPulse Retrieving data (malware.rules)
>   2805882 - ETPRO MOBILE_MALWARE Android/JSmsHider.B Checkin
> (mobile_malware.rules)
>   2806877 - ETPRO MOBILE_MALWARE Android/TheftSpy.C Checkin
> (mobile_malware.rules)
>   2808670 - ETPRO TROJAN POSCARDSTEALER.Q Checkin (trojan.rules)
>   2808791 - ETPRO TROJAN Win32/Xymne Checkin (trojan.rules)
>
>
>  [---]  Disabled and modified rules:  [---]
>
>   2018171 - ET CURRENT_EVENTS Angler Landing Page Feb 24 2014
> (current_events.rules)
>
>
>  [---]         Removed rules:         [---]
>
>   2805319 - ETPRO NETBIOS Microsoft Remote Administration Protocol
> Windows XP NetServerEnum API Heap Buffer Overflow (netbios.rules)