[Emerging-updates] Daily Ruleset Update Summary 08/29/2014

Francis Trudeau ftrudeau at emergingthreats.net
Fri Aug 29 17:50:54 EDT 2014


 [***] Summary: [***]

 15 new Open signatures, 30 new Pro (15+15).  ScanBox, iBryte, BIG-IP
rsync vuln, Archie EK.

 Thanks: @jaimeblascob and @kafeine

 [+++]          Added rules:          [+++]

  2019084 - ET TROJAN Syrian Malware Checkin (trojan.rules)
  2019085 - ET EXPLOIT Metasploit FireFox WebIDL Privileged Javascript Injection (exploit.rules)
  2019086 - ET CURRENT_EVENTS Unknown Trojan Dropped by Angler Aug 29 2014 (current_events.rules)
  2019087 - ET TROJAN F5 BIG-IP rsync cmi access attempt (trojan.rules)
  2019088 - ET TROJAN F5 BIG-IP rsync cmi authorized_keys access attempt (trojan.rules)
  2019089 - ET TROJAN F5 BIG-IP rsync cmi authorized_keys successful exfiltration (trojan.rules)
  2019090 - ET TROJAN F5 BIG-IP rsync cmi authorized_keys successful upload (trojan.rules)
  2019091 - ET EXPLOIT Metasploit Random Base CharCode JS Encoded String (exploit.rules)
  2019093 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks (current_events.rules)
  2019094 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks Intial (POST) (current_events.rules)
  2019095 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks (POST) PluginData (current_events.rules)
  2019096 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks KeepAlive (current_events.rules)
  2019097 - ET CURRENT_EVENTS Archie EK SilverLight URI Struct (current_events.rules)
  2019098 - ET CURRENT_EVENTS Archie EK Sending Plugin-Detect Data (current_events.rules)
  2019099 - ET CURRENT_EVENTS Possible Archie/Metasploit SilverLight Exploit (current_events.rules)

 Pro:

  2808696 - ETPRO MALWARE W32/iBryte.Adware Installer Download (malware.rules)
  2808697 - ETPRO MOBILE_MALWARE Android/AndroRAT.B Checkin (mobile_malware.rules)
  2808698 - ETPRO TROJAN Win32/Paskod.B Downloading Files (trojan.rules)
  2808699 - ETPRO TROJAN Win32/KFTC.Downloader Checkin (trojan.rules)
  2808700 - ETPRO TROJAN Win32/KFTC.Downloader Checkin 2 (trojan.rules)
  2808701 - ETPRO TROJAN Win32.Farfli.gq Requesting data (trojan.rules)
  2808702 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.IW Checkin (mobile_malware.rules)
  2808703 - ETPRO MOBILE_MALWARE Android/DDLight.A Checkin (mobile_malware.rules)
  2808704 - ETPRO MALWARE PUP Win32/Adware.MediaFinder Checkin 2 (malware.rules)
  2808705 - ETPRO MOBILE_MALWARE Android/SmsSpy.AH Checkin (mobile_malware.rules)
  2808706 - ETPRO TROJAN Win32/CoinMiner.SO .exe download 2 (trojan.rules)
  2808707 - ETPRO TROJAN Trojan.Keylog!1.9946 Checkin (trojan.rules)
  2808708 - ETPRO TROJAN Win32.Farfli Requesting data 2 (trojan.rules)
  2808709 - ETPRO TROJAN suspicious X-Mailer (Blat v2) (trojan.rules)
  2808710 - ETPRO TROJAN Win32/BrowserPassview sending passwords via SMTP (trojan.rules)


 [///]     Modified active rules:     [///]

  2018362 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)
  2018873 - ET TROJAN Tor based locker Ransom Page (trojan.rules)
  2019034 - ET CURRENT_EVENTS Possible Upatre SSL Cert dineshuthayakumar.in (current_events.rules)
  2801865 - ETPRO TROJAN Backdoor Darkshell Reporting to CnC (trojan.rules)
  2805820 - ETPRO MOBILE_MALWARE Android/FkToken.A Checkin (mobile_malware.rules)
  2806210 - ETPRO MOBILE_MALWARE AndroidOS/Gappusin.A Checkin (mobile_malware.rules)
  2808138 - ETPRO MOBILE_MALWARE Android/Battpatch.A Checkin (mobile_malware.rules)
  2808677 - ETPRO MOBILE_MALWARE Android/SMForw.AT Checkin (mobile_malware.rules)
  2808678 - ETPRO MOBILE_MALWARE Android/SMForw.AT Checkin 2 (mobile_malware.rules)


 [---]         Removed rules:         [---]

  2014153 - ET CURRENT_EVENTS High Orbit Ion Cannon (HOIC) Attack Inbound Generic Detection Double Spaced UA (current_events.rules)
  2018976 - ET MALWARE Hoic.zip retrieval (malware.rules)
  2018977 - ET MALWARE HOIC with booster outbound (malware.rules)
  2018978 - ET WEB_SERVER HOIC with booster inbound (web_server.rules)
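A practical check to run after applying an update like the one above is to confirm that the local rules files actually reflect it: every SID listed under "Added rules" is present and enabled, and every SID under "Removed rules" is gone. The script below is an added example, not Emerging Threats code. It parses the daily-summary mail format (the `[+++]`, `[///]` and `[---]` section markers, with entries wrapped across lines by the list software), extracts SID, msg and target rules file for each entry, and reconciles the result against a Snort/Suricata rules file. The summary excerpt embedded in it is taken from this mail; the rules-file lines are constructed stand-ins (msg and sid only, not the real rule bodies). The assumption that ETPRO SIDs start at 2800000 is based on the numbering visible in the Pro block and is used only to skip Pro SIDs when checking an Open-only ruleset.

```python
import re

# Section markers used in the Emerging Threats daily summary mails.
SECTION_MARKERS = {"[+++]": "added", "[///]": "modified", "[---]": "removed"}
ENTRY_RE = re.compile(r"^\s*(\d+) - (.+)$")                  # "  2019087 - ET TROJAN ..."
ENTRY_SPLIT = re.compile(r"^(.*?)\s*\(([\w.-]+\.rules)\)$")  # trailing "(trojan.rules)"
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")                # sid option inside a rule
ETPRO_SID_START = 2800000  # assumption: ETPRO SIDs begin at 2800000 (see the Pro block)

# Excerpt of the 08/29/2014 summary, including lines wrapped by the list software.
SUMMARY_TEXT = """\
 [+++]          Added rules:          [+++]

  2019087 - ET TROJAN F5 BIG-IP rsync cmi access attempt (trojan.rules)
  2019088 - ET TROJAN F5 BIG-IP rsync cmi authorized_keys access
attempt (trojan.rules)
  2019089 - ET TROJAN F5 BIG-IP rsync cmi authorized_keys successful
exfiltration (trojan.rules)

 Pro:

  2808696 - ETPRO MALWARE W32/iBryte.Adware Installer Download (malware.rules)

 [///]     Modified active rules:     [///]

  2018362 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)

 [---]         Removed rules:         [---]

  2018976 - ET MALWARE Hoic.zip retrieval (malware.rules)
"""

# Constructed stand-in rules file: only msg and sid are meaningful, the bodies
# are placeholders and NOT the real ET rule content. 2019088 is disabled (#),
# 2019089 is missing, and removed rule 2018976 is still present.
RULES_TEXT = """\
alert tcp any any -> any 873 (msg:"ET TROJAN F5 BIG-IP rsync cmi access attempt"; sid:2019087; rev:1;)
#alert tcp any any -> any 873 (msg:"ET TROJAN F5 BIG-IP rsync cmi authorized_keys access attempt"; sid:2019088; rev:1;)
alert tcp any any -> any 80 (msg:"ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF"; sid:2018362; rev:4;)
alert tcp any any -> any 80 (msg:"ET MALWARE Hoic.zip retrieval"; sid:2018976; rev:2;)
"""


def parse_summary(text):
    """Return {'added'|'modified'|'removed': {sid: {'msg': ..., 'file': ...}}}.

    A line that does not start a new "SID - msg" entry is treated as the
    continuation of the previous entry (the mail wraps long msg strings);
    a blank line ends the current entry, so "Pro:" sub-headers are skipped.
    """
    sections = {name: {} for name in SECTION_MARKERS.values()}
    current = None
    last_sid = None
    for line in text.splitlines():
        marker = line.strip()[:5]
        if marker in SECTION_MARKERS:
            current, last_sid = SECTION_MARKERS[marker], None
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            last_sid = int(m.group(1))
            sections[current][last_sid] = m.group(2).strip()
        elif line.strip() and last_sid is not None:
            sections[current][last_sid] += " " + line.strip()
        else:
            last_sid = None
    # Split "msg (file.rules)" into its two parts.
    for entries in sections.values():
        for sid, raw in entries.items():
            m = ENTRY_SPLIT.match(raw)
            entries[sid] = {"msg": m.group(1), "file": m.group(2)} if m else {"msg": raw, "file": None}
    return sections


def load_rule_sids(rules_text):
    """Map sid -> enabled flag for every rule line; a leading '#' means disabled."""
    sids = {}
    for line in rules_text.splitlines():
        s = line.strip()
        m = SID_RE.search(s)
        if m:
            sids[int(m.group(1))] = not s.startswith("#")
    return sids


def reconcile(summary, rule_sids, include_pro=False):
    """Report SIDs whose state in the local rules file disagrees with the summary."""
    def wanted(sid):
        return include_pro or sid < ETPRO_SID_START
    added = [s for s in summary["added"] if wanted(s)]
    removed = [s for s in summary["removed"] if wanted(s)]
    return {
        "missing_added": sorted(s for s in added if s not in rule_sids),
        "disabled_added": sorted(s for s in added if rule_sids.get(s) is False),
        "still_present_removed": sorted(s for s in removed if s in rule_sids),
    }


if __name__ == "__main__":
    summary = parse_summary(SUMMARY_TEXT)
    for problem, sids in reconcile(summary, load_rule_sids(RULES_TEXT)).items():
        print(problem, sids)
```

In production the two embedded strings would be the saved mail and the concatenated `*.rules` files from the update; a non-empty `missing_added` or `still_present_removed` list is the signal that the fetch or the rule-management tool's disable/enable policy did not do what the summary says.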

