[Emerging-updates] Daily Ruleset Update Summary 08/01/2014

Francis Trudeau ftrudeau at emergingthreats.net
Fri Aug 1 17:55:39 EDT 2014


 [***] Summary: [***]

 15 new Open signatures, 29 new Pro (15+14).  Various Tor, Various AndroidOS, Upatre.

 Thanks:  Kevin Ross.

 [+++]          Added rules:          [+++]

 Open:

  2018867 - ET TROJAN Win32.Sality.3 checkin (trojan.rules)
  2018868 - ET CURRENT_EVENTS Possible Upatre SSL Cert chinasemservice.com (current_events.rules)
  2018869 - ET TROJAN W32/Pgift.Backdoor APT CnC Beacon (trojan.rules)
  2018870 - ET CURRENT_EVENTS Possible Upatre SSL Cert ns7-777.777servers.com (current_events.rules)
  2018871 - ET CURRENT_EVENTS Possible Upatre SSL Cert adodis.com (current_events.rules)
  2018872 - ET TROJAN Tor based locker .onion Proxy domain in SNI July 31, 2014 (trojan.rules)
  2018873 - ET TROJAN Tor based locker Ransome Page (trojan.rules)
  2018874 - ET TROJAN Tor based locker .onion Proxy DNS lookup July 31, 2014 (trojan.rules)
  2018875 - ET POLICY tor4u tor2web .onion Proxy DNS  lookup (policy.rules)
  2018876 - ET POLICY onion.cab .onion Proxy DNS  lookup (policy.rules)
  2018877 - ET TROJAN Tor based locker knowledgewiki.info in SNI July 31, 2014 (trojan.rules)
  2018878 - ET POLICY tor4u tor2web .onion Proxy domain in SNI (policy.rules)
  2018879 - ET POLICY onion.cab tor2web .onion Proxy domain in SNI (policy.rules)
  2018880 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 40 (trojan.rules)
  2018881 - ET CURRENT_EVENTS Possible Upatre SSL Cert power2.mschosting.com (current_events.rules)

 Pro:

  2808482 - ETPRO POLICY outgoing icmp_shell session detected (policy.rules)
  2808483 - ETPRO TROJAN Backdoor.APT.Lurid Checkin via POST (trojan.rules)
  2808484 - ETPRO MALWARE PUP Win32/OptimizerElite Checkin (malware.rules)
  2808485 - ETPRO MALWARE Win32/AdWare.ICLoader.A Checkin (malware.rules)
  2808486 - ETPRO TROJAN DDoS.Win32/Nitol.B Checkin (trojan.rules)
  2808487 - ETPRO MOBILE_MALWARE Worm.AndroidOS.Samsapo Checkin (mobile_malware.rules)
  2808488 - ETPRO MALWARE PUP Win32/4Shared.D Checkin 1 (malware.rules)
  2808489 - ETPRO MALWARE PUP Win32/4Shared.D Checkin 2 (malware.rules)
  2808490 - ETPRO TROJAN WORM Gammima.AG Checkin (trojan.rules)
  2808491 - ETPRO MOBILE_MALWARE AndroidOS/Apperhand.A Checkin (mobile_malware.rules)
  2808492 - ETPRO TROJAN W32/Sdbot.worm!hz IRC Checkin (trojan.rules)
  2808493 - ETPRO TROJAN Win32/Beastdoor.L sending infected IP address via ICQ (trojan.rules)
  2808494 - ETPRO MOBILE_MALWARE Android.Gumen.A Checkin (mobile_malware.rules)
  2808495 - ETPRO MOBILE_MALWARE Trojan.Android.Fobus.BI Checkin (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2803145 - ETPRO TROJAN BackDoor.Darkshell.246 CnC traffic (trojan.rules)
  2806209 - ETPRO MOBILE_MALWARE SMSBoxer Checkin (mobile_malware.rules)
  2806877 - ETPRO MOBILE_MALWARE Android/TheftSpy.C Checkin (mobile_malware.rules)
  2807014 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.eh Checkin (mobile_malware.rules)
  2807234 - ETPRO TROJAN protux CnC traffic (trojan.rules)
  2807377 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Erop.a Checkin (mobile_malware.rules)
  2807849 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AAE Checkin (mobile_malware.rules)
  2808385 - ETPRO TROJAN Win32.Xema Checkin (trojan.rules)

