[Emerging-updates] Daily Ruleset Update Summary 08/25/2014

Francis Trudeau ftrudeau at emergingthreats.net
Mon Aug 25 18:30:28 EDT 2014


 [***] Summary: [***]

 29 new Open signatures, 42 new Pro (29+13).  Archie EK, NTP DDOS,
FlashPack EK, Abuse.ch SSL Blacklist.

 Thanks:  Jake Warren, ABUSE.CH and @kafeine

 [+++]          Added rules:          [+++]

 Open:

  2018994 - ET TROJAN Win32/Xema dropping file (trojan.rules)
  2018995 - ET CURRENT_EVENTS Archie EK CVE-2014-0515 Aug 24 2014 (current_events.rules)
  2018996 - ET CURRENT_EVENTS Archie EK CVE-2014-0497 Aug 24 2014 (current_events.rules)
  2018997 - ET CURRENT_EVENTS Archie EK Secondary Landing Aug 24 2014 (current_events.rules)
  2018998 - ET CURRENT_EVENTS Archie EK Landing Aug 24 2014 (current_events.rules)
  2018999 - ET TROJAN Win32/Spy.Tuscas (trojan.rules)
  2019000 - ET TROJAN Windows ipconfig Microsoft Windows DOS prompt command exit OUTBOUND (trojan.rules)
  2019001 - ET TROJAN Windows net start Microsoft Windows DOS prompt command exit OUTBOUND (trojan.rules)
  2019002 - ET TROJAN Windows systeminfo Microsoft Windows DOS prompt command exit OUTBOUND (trojan.rules)
  2019003 - ET TROJAN Windows netstat Microsoft Windows DOS prompt command exit OUTBOUND (trojan.rules)
  2019004 - ET CURRENT_EVENTS FlashPack EK Exploit Flash Post Aug 25 2014 (current_events.rules)
  2019005 - ET CURRENT_EVENTS FlashPack EK Redirect Aug 25 2014 (current_events.rules)
  2019006 - ET CURRENT_EVENTS FlashPack EK Exploit Landing Aug 25 2014 (current_events.rules)
  2019007 - ET CURRENT_EVENTS FlashPack EK JS Include Aug 25 2014 (current_events.rules)
  2019008 - ET CURRENT_EVENTS Safe/CritX/FlashPack Java Payload (current_events.rules)
  2019009 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2019010 - ET DOS Likely NTP DDoS In Progress PEER_LIST Response to Non-Ephemeral Port IMPL 0x02 (dos.rules)
  2019011 - ET DOS Likely NTP DDoS In Progress PEER_LIST Response to Non-Ephemeral Port IMPL 0x03 (dos.rules)
  2019012 - ET DOS Likely NTP DDoS In Progress PEER_LIST_SUM Response to Non-Ephemeral Port IMPL 0x02 (dos.rules)
  2019013 - ET DOS Likely NTP DDoS In Progress PEER_LIST_SUM Response to Non-Ephemeral Port IMPL 0x03 (dos.rules)
  2019014 - ET DOS Likely NTP DDoS In Progress GET_RESTRICT Response to Non-Ephemeral Port IMPL 0x03 (dos.rules)
  2019015 - ET DOS Likely NTP DDoS In Progress GET_RESTRICT Response to Non-Ephemeral Port IMPL 0x02 (dos.rules)
  2019016 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST Requests IMPL 0x03 (dos.rules)
  2019017 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST Requests IMPL 0x02 (dos.rules)
  2019018 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST_SUM Requests IMPL 0x03 (dos.rules)
  2019019 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST_SUM Requests IMPL 0x02 (dos.rules)
  2019020 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed GET_RESTRICT Requests IMPL 0x03 (dos.rules)
  2019021 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed GET_RESTRICT Requests IMPL 0x02 (dos.rules)
  2019022 - ET DOS Likely NTP DDoS In Progress Multiple UNSETTRAP Mode 6 Responses (dos.rules)

 Pro:

  2808626 - ETPRO TROJAN Win32.Dapato.Ang Checkin (trojan.rules)
  2808627 - ETPRO MALWARE PUP/MultiToolbar.A Checkin (malware.rules)
  2808628 - ETPRO TROJAN Win32/Asper.O Checkin (trojan.rules)
  2808629 - ETPRO MALWARE PUP Win32/bmMedia.D Checkin (malware.rules)
  2808630 - ETPRO MALWARE Adware Win32/IEMao.A Checkin (malware.rules)
  2808631 - ETPRO TROJAN Variant.Kazy.365193(B) Checkin (trojan.rules)
  2808632 - ETPRO TROJAN Win32.Sinresby C2 (trojan.rules)
  2808633 - ETPRO MALWARE Win32.Conducent Checkin (malware.rules)
  2808634 - ETPRO TROJAN MSIL/Injector.P Checkin (trojan.rules)
  2808635 - ETPRO MALWARE Riskware.Chindo Checkin (malware.rules)
  2808636 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.DO Checkin (mobile_malware.rules)
  2808637 - ETPRO MOBILE_MALWARE Adware.Android.AppLovin.A Checkin (mobile_malware.rules)
  2808638 - ETPRO MALWARE Win32/InstallBrain.BH Retrieving info (malware.rules)


 [///]     Modified active rules:     [///]

  2017813 - ET CURRENT_EVENTS Safe/CritX/FlashPack Payload (current_events.rules)
  2018983 - ET CURRENT_EVENTS Probable OneLouder downloader (Zeus P2P) (current_events.rules)
  2807086 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Obad.a Checkin 2 (mobile_malware.rules)


 [---]         Removed rules:         [---]

  2807750 - ETPRO TROJAN Trojan-Dropper.Win32.Dinwod.rbd Checkin (trojan.rules)

