[Emerging-Sigs] Daily Ruleset Update Summary 09/17/2014

Francis Trudeau ftrudeau at emergingthreats.net
Wed Sep 17 17:20:48 EDT 2014


 [***] Summary: [***]

 3 new Open signatures, 18 new Pro (3+15).  Nuclear EK CVE-2013-2551,
Various Android, HttpFileServer RCE, ALCASAR RCE.

 [+++]          Added rules:          [+++]

 Open:

  2019187 - ET TROJAN Kuluoz/Asprox CnC Response (trojan.rules)
  2019188 - ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 Sept 17 2014 (current_events.rules)
  2019189 - ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 URI Struct Sept 17 2014 (current_events.rules)

 Pro:

  2808825 - ETPRO MOBILE_MALWARE Android/Agent.CI!tr Checkin (mobile_malware.rules)
  2808826 - ETPRO TROJAN Win32/Regitry Checkin (trojan.rules)
  2808827 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.bz Checkin (mobile_malware.rules)
  2808828 - ETPRO WEB_SPECIFIC_APPS HttpFileServer 2.3.x Remote Command Execution (web_specific_apps.rules)
  2808829 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.DO Checkin (mobile_malware.rules)
  2808830 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ap Checkin (mobile_malware.rules)
  2808831 - ETPRO WEB_SPECIFIC_APPS ALCASAR up to 2.8.1 RCE Vulnerabily being exploited (web_specific_apps.rules)
  2808832 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.eg Checkin (mobile_malware.rules)
  2808833 - ETPRO POLICY Proxy.pac Download (policy.rules)
  2808834 - ETPRO MALWARE Hoax.Win32.ArchSMS.YU Checkin (malware.rules)
  2808836 - ETPRO TROJAN suspicious User-Agent (payloadworking) (trojan.rules)
  2808837 - ETPRO TROJAN Troj/BadCab CnC (trojan.rules)
  2808838 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.o Checkin (mobile_malware.rules)
  2808839 - ETPRO POLICY WebSocket Session Initiation Request (policy.rules)
  2808840 - ETPRO POLICY WebSocket Session Initiation Response (policy.rules)


 [///]     Modified active rules:     [///]

  2014435 - ET TROJAN Infostealer.Banprox Proxy.pac Download (trojan.rules)
  2017895 - ET TROJAN Kuluoz/Asprox Activity (trojan.rules)
  2807621 - ETPRO TROJAN Zegost.Gen CnC (OUTBOUND) (trojan.rules)
  2808776 - ETPRO TROJAN Win32/ProxyChanger.EO Checkin 2 (trojan.rules)

