[Emerging-updates] Daily Ruleset Update Summary 07/31/2014

Darien Huss dhuss at emergingthreats.net
Fri Aug 1 07:56:35 EDT 2014


We forgot to include @Rmkml in our thanks yesterday. Thank you @Rmkml!

Regards,
Darien


On Thu, Jul 31, 2014 at 5:28 PM, Francis Trudeau <
ftrudeau at emergingthreats.net> wrote:

>  [***] Summary: [***]
>
>  14 new Open signatures, 17 new Pro (14+3).  Backoff POS, Pbstealer,
> ABUSE.CH Malicious SSL certificates.
>
>  Thanks:  ABUSE.CH
>
>
>  [+++]          Added rules:          [+++]
>
>  Open:
>
>   2018494 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
> certificate detected (KINS C2) (trojan.rules)
>   2018600 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
> certificate detected (KINS C2) (trojan.rules)
>   2018736 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
> certificate detected (KINS C2) (trojan.rules)
>   2018856 - ET TROJAN Windows executable base64 encoded (trojan.rules)
>   2018857 - ET TROJAN Backoff POS Checkin (trojan.rules)
>   2018858 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (KINS C2) (trojan.rules)
>   2018859 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (KINS C2) (trojan.rules)
>   2018860 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (KINS C2) (trojan.rules)
>   2018861 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (KINS C2) (trojan.rules)
>   2018862 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (KINS C2) (trojan.rules)
>   2018863 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (KINS C2) (trojan.rules)
>   2018864 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (KINS C2) (trojan.rules)
>   2018865 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (KINS C2) (trojan.rules)
>   2018866 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (KINS C2) (trojan.rules)
>
>  Pro:
>
>   2808479 - ETPRO TROJAN Trojan.Win32.Autoit.dbiolu Checkin (trojan.rules)
>   2808480 - ETPRO TROJAN Trojan.Win32.Banload.BTVS SQL Checkin
> (trojan.rules)
>   2808481 - ETPRO MOBILE_MALWARE Android-Malicious/Pbstealer Checkin
> (mobile_malware.rules)
>
>
>  [///]     Modified active rules:     [///]
>
>   2808292 - ETPRO MOBILE_MALWARE Android/Simplocker.B Checkin
> (mobile_malware.rules)
>
>
>  [---]  Disabled and modified rules:  [---]
>
>   2808313 - ETPRO TROJAN Win32.Tavex.A Checkin 2 (trojan.rules)
>
>
>  [---]         Removed rules:         [---]
>
>   2012330 - ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
> (current_events.rules)
>   2018494 - ET CURRENT_EVENTS ABUSE.CH SSL Fingerprint Blacklist
> Malicious SSL certificate detected (KINS C2) (current_events.rules)
>   2018600 - ET CURRENT_EVENTS ABUSE.CH SSL Fingerprint Blacklist
> Malicious SSL certificate detected (KINS C2) (current_events.rules)
>   2018736 - ET CURRENT_EVENTS ABUSE.CH SSL Fingerprint Blacklist
> Malicious SSL certificate detected (KINS C2) (current_events.rules)
>   2018847 - ET INFO DYNAMIC_DNS HTTP Request to *.passinggas.net
> Domain (Sitelutions) (info.rules)
>   2018848 - ET INFO DYNAMIC_DNS Query to *.passinggas.net Domain
> (Sitelutions) (info.rules)
>   2807775 - ETPRO TROJAN Win32/Injector.gen!ER Checkin (trojan.rules)
> _______________________________________________
> Emerging-updates mailing list
> Emerging-updates at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-updates
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20140801/fd39cd92/attachment.html>


More information about the Emerging-updates mailing list