[Emerging-Sigs] Daily Ruleset Update Summary 09/18/2014

Francis Trudeau ftrudeau at emergingthreats.net
Thu Sep 18 17:48:18 EDT 2014


 [***] Summary: [***]

 7 new Open signatures, 14 new Pro (7+7).  RIG EK, Nuclear EK, Various
Android, Win.Bifrose.agn, Win32.Banload.

 Thanks:  @malwaresigs and @abuse_ch

 [+++]          Added rules:          [+++]

 Open:

  2019190 - ET TROJAN Infostealer.Banprox Proxy.pac Download 2 (trojan.rules)
  2019191 - ET TROJAN Infostealer.Banprox Proxy.pac Download 3 (trojan.rules)
  2019192 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
  2019193 - ET CURRENT_EVENTS RIG EK Landing Page Sept 17 2014 (current_events.rules)
  2019194 - ET CURRENT_EVENTS Nuclear EK Redirect Sept 18 2014 (current_events.rules)
  2019195 - ET CURRENT_EVENTS Nuclear EK Redirect Sept 18 2014 (current_events.rules)
  2019196 - ET CURRENT_EVENTS Androm SSL Cert Sept 18 2014 (current_events.rules)

 Pro:

  2808841 - ETPRO MOBILE_MALWARE Android/JSmsHider.A Checkin 2 (mobile_malware.rules)
  2808842 - ETPRO MOBILE_MALWARE Android/Agent.FP Checkin (mobile_malware.rules)
  2808843 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh Checkin 2 (mobile_malware.rules)
  2808844 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh Response 2 (mobile_malware.rules)
  2808845 - ETPRO TROJAN Backdoor.Win32.Bifrose.agn Checkin (trojan.rules)
  2808846 - ETPRO TROJAN Win32.Banload Variant Checkin (trojan.rules)
  2808847 - ETPRO MALWARE Win32.Chifrax.Wuhc Checkin (malware.rules)


 [///]     Modified active rules:     [///]

  2000357 - ET P2P BitTorrent Traffic (p2p.rules)
  2010144 - ET P2P Vuze BT UDP Connection (5) (p2p.rules)
  2014435 - ET TROJAN Infostealer.Banprox Proxy.pac Download (trojan.rules)
  2805446 - ETPRO TROJAN Win32/Recslurp.A Checkin (trojan.rules)


 [---]         Disabled rules:        [---]

  2808839 - ETPRO POLICY WebSocket Session Initiation Request (policy.rules)
  2808840 - ETPRO POLICY WebSocket Session Initiation Response (policy.rules)


 [---]         Removed rules:         [---]

  2011918 - ET TROJAN FAKEAV Gemini - JavaScript Redirection To FakeAV Binary (trojan.rules)

