[Emerging-Sigs] Daily Ruleset Update Summary 09/23/2014

Francis Trudeau ftrudeau at emergingthreats.net
Tue Sep 23 18:27:37 EDT 2014


 [***] Summary: [***]

 12 new Open rules, 22 new Pro.  NjRAT, Angler EK, Various Android,
Cryptolocker C2.

 Thanks:  Patrick Olsen, Kevin Ross, @kafeine and @abuse_ch

 [+++]          Added rules:          [+++]

 Open:

  2019214 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Capture)
(trojan.rules)
  2019215 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Microphone)
(trojan.rules)
  2019216 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Message)
(trojan.rules)
  2019217 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Remote
Shell) (trojan.rules)
  2019218 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Services
Listing) (trojan.rules)
  2019219 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Registry
Listing) (trojan.rules)
  2019220 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Process
Listing) (trojan.rules)
  2019221 - ET TROJAN njrat ver 0.7d Malware CnC Callback (File
Manager Actions) (trojan.rules)
  2019222 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Keylogging)
(trojan.rules)
  2019223 - ET TROJAN njrat ver 0.7d Malware CnC Callback (trojan.rules)
  2019224 - ET CURRENT_EVENTS DRIVEBY Angler EK Apr 01 2014
(current_events.rules)
  2019225 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (UPATRE CnC) (trojan.rules)

 Pro:

  2808869 - ETPRO MALWARE Riskware.Chindo Checkin 2 (malware.rules)
  2808870 - ETPRO MOBILE_MALWARE Android/MMarketPay.C Checkin
(mobile_malware.rules)
  2808871 - ETPRO MOBILE_MALWARE Android/MMarketPay.C Checkin 2
(mobile_malware.rules)
  2808872 - ETPRO TROJAN Trojan.StoleCert.SPK CnC (trojan.rules)
  2808873 - ETPRO TROJAN Win32.Themida Variant CnC (trojan.rules)
  2808874 - ETPRO TROJAN Trojan.Win32.Kilva Checkin (trojan.rules)
  2808875 - ETPRO TROJAN FakeAV.Malwaredoctor Checkin (trojan.rules)
  2808876 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.u Checkin
4 (mobile_malware.rules)
  2808877 - ETPRO TROJAN Win32/Yeltminky.A Checkin (trojan.rules)
  2808878 - ETPRO TROJAN Cryptographic Locker C2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2006546 - ET SCAN LibSSH Based Frequent SSH Connections Likely
BruteForce Attack! (scan.rules)
  2017430 - ET TROJAN Bladabindi/njrat CnC Command (Keylogger) (trojan.rules)
  2017817 - ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013
(current_events.rules)
  2019074 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
  2019078 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Aug 27 2014
(current_events.rules)
  2019146 - ET CURRENT_EVENTS Sweet Orange CDN Gate Sept 09 2014
Method 2 (current_events.rules)
  2807427 - ETPRO TROJAN Cryp_Banker14 Checkin (trojan.rules)
  2807767 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.c
Checkin (mobile_malware.rules)
  2807768 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.c
Checkin 2 (mobile_malware.rules)
  2808846 - ETPRO TROJAN Win32.Banload Variant Checkin (trojan.rules)
  2808859 - ETPRO TROJAN W32/Scribble-B CnC via IRC (trojan.rules)


 [---]         Removed rules:         [---]

  2006435 - ET SCAN LibSSH Based SSH Connection - Often used as a
BruteForce Tool (scan.rules)
  2018689 - ET SCAN LibSSH2 Based SSH Connection - Often used as a
BruteForce Tool (scan.rules)
  2807913 - ETPRO CURRENT_EVENTS DRIVEBY Angler EK Apr 01 2014
(current_events.rules)

