[Emerging-Sigs] Daily Ruleset Update Summary 09/24/2014

Francis Trudeau ftrudeau at emergingthreats.net
Wed Sep 24 18:21:06 EDT 2014


 [***] Summary: [***]

 10 new Open rules, 17 new Pro (10 + 17).  CVE-2014-6271 Bash Vuln,
SolarWinds Storage Manager, AutoSMS.BF, Pushdo V3.

 Thanks:  Jake Warren and @jaimeblascob

 [+++]          Added rules:          [+++]

 Open:

  2019226 - ET CURRENT_EVENTS DRIVEBY Nuclear EK 2013-3918 (current_events.rules)
  2019227 - ET CURRENT_EVENTS Win32/Spy.Zbot.ACB SSL Cert Sept 24 2014 (current_events.rules)
  2019228 - ET MALWARE Win32/SoftPulse.H Checkin (malware.rules)
  2019229 - ET TROJAN Linux/Yangji.A Checkin (trojan.rules)
  2019230 - ET TROJAN Possible Tinba DGA NXDOMAIN Responses (trojan.rules)
  2019231 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in URI (web_server.rules)
  2019232 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers (web_server.rules)
  2019233 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body (web_server.rules)
  2019234 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body 2 (web_server.rules)
  2019235 - ET TROJAN Pushdo v3 Checkin (trojan.rules)

 Pro:

  2808879 - ETPRO TROJAN Win32/Spy.Banker.AAHF Checkin (trojan.rules)
  2808880 - ETPRO EXPLOIT SolarWinds Storage Manager Authentication Bypass (exploit.rules)
  2808881 - ETPRO TROJAN Flooder.LYI Checkin (trojan.rules)
  2808882 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.BF Checkin (mobile_malware.rules)
  2808883 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.BF Checkin 2 (mobile_malware.rules)
  2808884 - ETPRO MALWARE PUA.Kuaiba Checkin (malware.rules)
  2808885 - ETPRO MOBILE_MALWARE AndroidOS/GGTracker.A Checkin 3 (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2010875 - ET TROJAN Blackenergy Bot Checkin to C&C (2) (trojan.rules)
  2018005 - ET TROJAN Possible Upatre Downloader SSL certificate (fake org) (trojan.rules)
  2018789 - ET POLICY TLS possible TOR SSL traffic (policy.rules)
  2019078 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Aug 27 2014 (current_events.rules)
  2019204 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) (trojan.rules)
  2805870 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Placms.F Checkin (mobile_malware.rules)
  2806161 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.i Checkin (mobile_malware.rules)
  2807793 - ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin (trojan.rules)
  2808505 - ETPRO TROJAN Autoit.LOX Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2015629 - ET TROJAN Cridex Response from exfiltrated data upload (trojan.rules)
  2018327 - ET SCAN JCE Joomla Extension User-Agent (BOT) (scan.rules)
  2807988 - ETPRO TROJAN Win32/Spy.Agent.OIA Checkin 2 (trojan.rules)
  2808434 - ETPRO MALWARE Win32/SoftPulse.H Checkin (malware.rules)

