[Emerging-updates] Daily Ruleset Update Summary 08/18/2014

Francis Trudeau ftrudeau at emergingthreats.net
Mon Aug 18 19:09:55 EDT 2014


 [***] Summary: [***]

 11 new Open rules, 24 new Pro (11+13).  Abuse.ch SSL Blacklist,
Various Android, Win32/Rovnix, Tofsee.

 Thanks:  @kaffeine and @abuse_ch

  [+++]          Added rules:          [+++]

 Open:

  2018942 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS MITM) (trojan.rules)
  2018943 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak MITM) (trojan.rules)
  2018944 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak MITM) (trojan.rules)
  2018945 - ET MOBILE_MALWARE Android/Locker.B Checkin 1 (mobile_malware.rules)
  2018946 - ET MOBILE_MALWARE Android/Locker.B Checkin 2 (mobile_malware.rules)
  2018947 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2018948 - ET TROJAN Likely Synolocker .onion DNS lookup (trojan.rules)
  2018949 - ET TROJAN Win32/PSW.Steam.NBP Checkin (trojan.rules)
  2018950 - ET CURRENT_EVENTS DRIVEBY Angler EK Landing Aug 16 2014
(current_events.rules)
  2018951 - ET TROJAN Tor Based Locker Page (Zerolocker) (trojan.rules)
  2018953 - ET TROJAN ShellBot.C retrieval (trojan.rules)

 Pro:

  2808571 - ETPRO TROJAN Win.Trojan.Chewbacca connectivity check (trojan.rules)
  2808572 - ETPRO MALWARE Win32/AdWare.Laban.G Checkin (malware.rules)
  2808573 - ETPRO MALWARE PUP Win32/HiddenStart.B Checkin (malware.rules)
  2808574 - ETPRO TROJAN Win32/Emogen-F Checkin (trojan.rules)
  2808575 - ETPRO TROJAN Trojan.Graybird IP Check (trojan.rules)
  2808576 - ETPRO TROJAN Win32/Rovnix.H GET (trojan.rules)
  2808577 - ETPRO TROJAN Win32/Tofsee Loader Config Download (trojan.rules)
  2808578 - ETPRO TROJAN Win32/PSW.Papras.CK Checkin (trojan.rules)
  2808579 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.AVPass.a Checkin
(mobile_malware.rules)
  2808580 - ETPRO TROJAN BKDR_QULKONWI.GHR Checkin (trojan.rules)
  2808581 - ETPRO EXPLOIT VMTurbo Ops Manager Remote Command Execution
(exploit.rules)
  2808582 - ETPRO MOBILE_MALWARE Android.Trojan.Joye.D Checkin
(mobile_malware.rules)
  2808583 - ETPRO MOBILE_MALWARE Android.Gabas.A Checkin (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2018367 - ET MALWARE W32/iBryte.Adware Affiliate Campaign Executable
Download (malware.rules)
  2804473 - ETPRO MALWARE Win32/Adware.Gamevance.BE Checkin 2 (malware.rules)
  2806324 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.gzfw Checkin
(trojan.rules)
  2807850 - ETPRO TROJAN Trojan/MSIL.bfsx Checkin (trojan.rules)
  2808008 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Ackposts.a Checkin
(mobile_malware.rules)
  2808270 - ETPRO TROJAN Win32.Trojan.Hijacker.Akym Checkin (trojan.rules)
  2808565 - ETPRO TROJAN Win32/Banjori.A Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2806557 - ETPRO TROJAN Trojan-Downloader.Win32.VB.gznp Checkin (trojan.rules)

