[Emerging-updates] Daily Ruleset Update Summary 09/25/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Sep 25 12:11:54 HADT 2013


[***]          Summary:          [***]

14 new Open rules. 22 new Pro rules (14/8) Worm.VBS.ayr, OSX Leverage.a,
DATA-BROKER, Hiloti, Caphaw, etc. Thanks to Kevin Ross, Alien Vault, all.


[+++]          Added rules:          [+++]

  Open:
  2017512 - ET CURRENT_EVENTS W32/Caphaw DriveBy Campaign Statistic.js (current_events.rules)
  2017513 - ET CURRENT_EVENTS W32/Caphaw DriveBy Campaign Ping.html (current_events.rules)
  2017515 - ET INFO User-Agent (python-requests) Inbound to Webserver (info.rules)
  2017516 - ET TROJAN Worm.VBS.ayr Checkin 1 (trojan.rules)
  2017517 - ET TROJAN Worm.VBS.ayr Checkin 2 (trojan.rules)
  2017518 - ET TROJAN Worm.VBS.ayr CnC command (/iam-ready) (trojan.rules)
  2017519 - ET TROJAN Worm.VBS.ayr CnC command (is-enum-driver) (trojan.rules)
  2017520 - ET TROJAN Worm.VBS.ayr CnC command (is-enum-folder) (trojan.rules)
  2017521 - ET TROJAN Worm.VBS.ayr CnC command (is-enum-process) (trojan.rules)
  2017522 - ET TROJAN Worm.VBS.ayr CnC command (is-cmd-shell) (trojan.rules)
  2017523 - ET TROJAN Worm.VBS.ayr CnC command response (trojan.rules)
  2017524 - ET TROJAN DATA-BROKER BOT Activity (trojan.rules)
  2017525 - ET TROJAN OSX/Leverage.A Checkin (trojan.rules)
  2017525 - ET TROJAN Hiloti/Mufanom CnC Response (trojan.rules)

  Pro:
  2807069 - ETPRO MOBILE_MALWARE AndroidOS.CardServ.D Checkin (mobile_malware.rules)
  2807070 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.cw Checkin (mobile_malware.rules)
  2807071 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.PS Checkin (mobile_malware.rules)
  2807072 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.cu Checkin (mobile_malware.rules)
  2807073 - ETPRO MOBILE_MALWARE Android/JSmsHider.L Checkin (mobile_malware.rules)
  2807074 - ETPRO MOBILE_MALWARE Android/SMSreg.AV Checkin (mobile_malware.rules)
  2807076 - ETPRO TROJAN Generic.Banker.Delf.0DD62421 Checkin (trojan.rules)
  2807077 - ETPRO MALWARE Win32.Zbot.f Checkin (malware.rules)


 [///]     Modified active rules:     [///]

  2010071 - ET TROJAN Hiloti/Mufanom Downloader Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2806914 - ETPRO TROJAN Worm.VBS.ayr Checkin 1 (trojan.rules)
  2806915 - ETPRO TROJAN Worm.VBS.ayr Checkin 2 (trojan.rules)