[Emerging-Sigs] Daily Ruleset Update Summary 09/30/2014

Francis Trudeau ftrudeau at emergingthreats.net
Tue Sep 30 17:09:55 EDT 2014


 [***] Summary: [***]

 8 new Open signatures, 14 new Pro (8+6).  Dyre, CVE-2014-6271,
Flashpack, Bredolap/Rebhip/Bifrose, Win32.TrojanDropper.

 Thanks:  @EKwatcher and @kafeine.

 [+++]          Added rules:          [+++]

 Open:

  2019318 - ET MOBILE_MALWARE Android/Code4hk.A Checkin (mobile_malware.rules)
  2019319 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 30 2014 (current_events.rules)
  2019320 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 30 2014 (current_events.rules)
  2019321 - ET CURRENT_EVENTS Upatre redirector 29 Sept 2014 - POST (current_events.rules)
  2019322 - ET EXPLOIT Possible OpenVPN CVE-2014-6271 attempt (exploit.rules)
  2019323 - ET EXPLOIT Possible OpenVPN CVE-2014-6271 attempt (exploit.rules)
  2019324 - ET CURRENT_EVENTS suspicious embedded zip file in web page (current_events.rules)
  2019325 - ET CURRENT_EVENTS Flashpack Redirect Method 3 (current_events.rules)

 Pro:

  2808915 - ETPRO TROJAN Trojan.FakeAlert.CAF Checkin (trojan.rules)
  2808916 - ETPRO TROJAN Bredolap/Rebhip/Bifrose Checkin 2 (trojan.rules)
  2808918 - ETPRO MOBILE_MALWARE Android/SMSreg.BI Checkin (mobile_malware.rules)
  2808920 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.mj Checkin (mobile_malware.rules)
  2808921 - ETPRO TROJAN DDoS.XOR Checkin (trojan.rules)
  2808922 - ETPRO TROJAN Win32.TrojanDropper.Startpage.klpp Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2003437 - ET P2P Ares over UDP (p2p.rules)
  2019134 - ET CURRENT_EVENTS Flashpack Redirect Method 2 (current_events.rules)
  2808536 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Recal.a Checkin (mobile_malware.rules)
  2808800 - ETPRO TROJAN Win32.Llac.bbeh downloading files (trojan.rules)


 [---]         Removed rules:         [---]

  2007975 - ET TROJAN Common Downloader Trojan Checkin (trojan.rules)
  2008344 - ET TROJAN Suspicious User-Agent (DownloadNetFile) (trojan.rules)

