[Emerging-updates] Daily Ruleset Update Summary 08/11/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Aug 11 18:29:42 EDT 2014


 [***]          Summary:          [***]

 11 new Open rules. 24 Pro rules (11/13). Turla/SPL2, Lurk, KINS ssl, etc.
Tks Jake Warren, @rmkml, @Regiteric, @abuse_ch.

 [+++]          Added rules:          [+++]

  Open:
  2018917 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2018918 - ET POLICY possible Xiaomi phone data leakage DNS (policy.rules)
  2018919 - ET POLICY possible Xiaomi phone data leakage HTTP (policy.rules)
  2018920 - ET CURRENT_EVENTS DRIVEBY Malicious Plugin Detect URI struct (current_events.rules)
  2018921 - ET TROJAN Trojan-Spy.Win32.HavexSysinfo Response (trojan.rules)
  2018922 - ET CURRENT_EVENTS Turla/SPL EK Java Applet (current_events.rules)
  2018923 - ET CURRENT_EVENTS Turla/SPL EK Java Exploit (current_events.rules)
  2018924 - ET CURRENT_EVENTS Turla/SPL EK Java Exploit (current_events.rules)
  2018925 - ET CURRENT_EVENTS Turla/SPL EK Java Exploit Requested - /spl/ (current_events.rules)
  2018926 - ET TROJAN Lurk Downloader Check-in (trojan.rules)
  2018927 - ET TROJAN Lurk Click fraud Template Request (trojan.rules)

  Pro:
  2808526 - ETPRO TROJAN Win32.Comune.A checkin (trojan.rules)
  2808527 - ETPRO USER_AGENTS Suspicious User Agent Get HTML Source Code Program (user_agents.rules)
  2808528 - ETPRO MOBILE_MALWARE Android FakeInst-OG Checkin (mobile_malware.rules)
  2808529 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Carej.b Checkin (mobile_malware.rules)
  2808530 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Univert.a Checkin (mobile_malware.rules)
  2808531 - ETPRO TROJAN Trojan-Downloader.Autoit.gen Checkin 2 (trojan.rules)
  2808532 - ETPRO TROJAN Win32/Steroope.B checkin (trojan.rules)
  2808533 - ETPRO TROJAN TROJAN.WIN32.SYSMAIN.C Checkin (trojan.rules)
  2808534 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.Y (mobile_malware.rules)
  2808535 - ETPRO TROJAN Win32.Symmi.dagurw Checkin (trojan.rules)
  2808536 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Recal.a Checkin (mobile_malware.rules)
  2808537 - ETPRO TROJAN Win32/PSW.Papras.CK file upload (trojan.rules)
  2808538 - ETPRO MOBILE_MALWARE Android/Koler.C Checkin (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  Open:
  2006435 - ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool (scan.rules)
  2018689 - ET SCAN LibSSH2 Based SSH Connection - Often used as a BruteForce Tool (scan.rules)
  2018703 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)

  Pro:
  2804487 - ETPRO ACTIVEX IBM Rational Rhapsody Blueberry Flashback SDK FBRecorder ActiveX Control Multiple Remote Code Execution (activex.rules)
  2808518 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.MisoSMS.a Response (mobile_malware.rules)


 [---]         Removed rules:         [---]

  Open:
  2017795 - ET CURRENT_EVENTS HiMan EK - Payload Downloaded - EXE in ZIP Downloaded by Java (current_events.rules)

  Pro:
  2808132 - ETPRO CURRENT_EVENTS DRIVEBY Malicious Plugin Detect URI struct (current_events.rules)