[Emerging-Sigs] Daily Ruleset Update Summary 09/22/2014

Francis Trudeau ftrudeau at emergingthreats.net
Mon Sep 22 17:31:26 EDT 2014


 [***] Summary: [***]

 12 new Open signatures, 20 new Pro (12+8).  Linux/BillGates, Various Android, Nuclear EK.

 Thanks:  @MalwareMustDie and @abuse_ch


 [+++]          Added rules:          [+++]

 Open:

  2019202 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 2 (trojan.rules)
  2019203 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 3 (trojan.rules)
  2019204 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) (trojan.rules)
  2019205 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019206 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
  2019207 - ET TROJAN Linux/BillGates Checkin (trojan.rules)
  2019208 - ET TROJAN Linux/BillGates Checkin Response (trojan.rules)
  2019209 - ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF Struct (no alert) (current_events.rules)
  2019210 - ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF (current_events.rules)
  2019211 - ET TROJAN Win32/Badur.igh Checkin 2 (trojan.rules)
  2019212 - ET TROJAN Bossabot DDoS tool RFI attempt (trojan.rules)
  2019213 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 22 2014 (current_events.rules)

 Pro:

  2808861 - ETPRO TROJAN Likely Win32/Spy.Zbot.AAQ .onion Proxy DNS lookup (trojan.rules)
  2808862 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.BX Checkin 4 (mobile_malware.rules)
  2808863 - ETPRO TROJAN TROJAN Win32/Seey.A Checkin (trojan.rules)
  2808864 - ETPRO MOBILE_MALWARE Android/InfoStealer.BL Checkin via SMTP (mobile_malware.rules)
  2808865 - ETPRO TROJAN TROJAN Win32/Seey.A User-Agent (trojan.rules)
  2808866 - ETPRO TROJAN TROJAN Win32/Seey.A Checkin 2 (trojan.rules)
  2808867 - ETPRO WEB_CLIENT Possible Adobe Reader CVE-2014-0567 (web_client.rules)
  2808868 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 10 (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2019134 - ET CURRENT_EVENTS Flashpack Redirect Method 2 (current_events.rules)
  2019172 - ET TROJAN Linux.DDoS Checkin (trojan.rules)
  2019177 - ET TROJAN Linux/AES.DDoS Sending Real/Fake CPU&BW Info (trojan.rules)
  2019185 - ET CURRENT_EVENTS Nuclear EK Gate Sep 16 2014 (current_events.rules)
  2807357 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.SD Checkin (mobile_malware.rules)
  2808659 - ETPRO CURRENT_EVENTS FlashPack URI Struct Thread 2 Specific (current_events.rules)
  2808843 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh Checkin 2 (mobile_malware.rules)
  2808844 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh Response 2 (mobile_malware.rules)


 [---]         Removed rules:         [---]

  2403321 - ET CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules)
  2405062 - ET CNC Shadowserver Reported CnC Server Port 58914 Group 1 (botcc.portgrouped.rules)
  2803491 - ETPRO TROJAN Suspicious HTTP STOP Return - Trojan.Win32.FakeAV.cfty or Related Controller (trojan.rules)
  2807626 - ETPRO TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) (trojan.rules)
  2807683 - ETPRO TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 2 (trojan.rules)
  2807710 - ETPRO TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 3 (trojan.rules)