[Emerging-Sigs] Daily Ruleset Update Summary 09/19/2014

Francis Trudeau ftrudeau at emergingthreats.net
Fri Sep 19 18:11:36 EDT 2014


 [***] Summary: [***]

 5 new Open signatures, 18 new Pro (5+13).  NewPosThings, Sefnit.R,
TROJANCLICKER.MSIL, UFONet DDoS activity.

 Thanks:  Jake Warren.

 [+++]          Added rules:          [+++]

 Open:

  2019197 - ET TROJAN NewPosThings Checkin (trojan.rules)
  2019198 - ET TROJAN NewPosThings Data Exfiltration (trojan.rules)
  2019199 - ET TROJAN NewPosThings POST with Fake UA and Accept Header (trojan.rules)
  2019200 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 19 2014 (current_events.rules)
  2019201 - ET TROJAN Backdoor.Win32/PcClient.AA Checkin (trojan.rules)

 Pro:

  2808848 - ETPRO TROJAN Win32/Sefnit.R Checkin (trojan.rules)
  2808849 - ETPRO TROJAN Win32.CFPass.dcb Checkin (trojan.rules)
  2808850 - ETPRO TROJAN Troj/Buzus-CZ checkin (trojan.rules)
  2808851 - ETPRO TROJAN Win32/Spy.Rehtesyk.A Checkin 1 (trojan.rules)
  2808852 - ETPRO TROJAN Win32/Spy.Rehtesyk.A Checkin 2 (trojan.rules)
  2808853 - ETPRO TROJAN W32/Banker.GAJ!tr Checkin via SMTP (trojan.rules)
  2808854 - ETPRO TROJAN TROJANCLICKER.MSIL/EZBRO.A Checkin (trojan.rules)
  2808855 - ETPRO TROJAN TROJANCLICKER.MSIL/EZBRO.A Keep-Alive (trojan.rules)
  2808856 - ETPRO WEB_SPECIFIC_APPS Possible UFONet DDoS Participation (web_specific_apps.rules)
  2808857 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Checkin 5 (mobile_malware.rules)
  2808858 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Response (mobile_malware.rules)
  2808859 - ETPRO TROJAN W32/Scribble-B CnC via IRC (trojan.rules)
  2808860 - ETPRO TROJAN Win32/Ramnit.A Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2017505 - ET TROJAN Gh0st Trojan CnC 2 (trojan.rules)
  2806414 - ETPRO TROJAN FakeAV-BT Checkin (trojan.rules)
  2808721 - ETPRO MOBILE_MALWARE Android/Tekwon.A Checkin 2 (mobile_malware.rules)

