[Emerging-updates] Daily Ruleset Update Summary 01/22/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Jan 22 11:56:00 HAST 2014


 [***]          Summary:          [***]

 12 new Open rules. 26 new Pro rules (12/14).
GoonEK, HeHe.Spy, Browlock, Upatre, etc. Thanks to @EKwatcher, Kevin Ross,
Eoin Miller, all.

There is a new signature set for BOTCC,
"rulesemerging-botcc.portgrouped.rules", that includes ports along with
the IPs. This will reduce false positives at the cost of performance.

As a reminder, we will no longer be updating Snort 2.4.x rules as of Feb 10,
2014.

 [+++]          Added rules:          [+++]

  Open:
  2017995 - ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 1
(current_events.rules)
  2017996 - ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 2
(current_events.rules)
  2017997 - ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 3
(current_events.rules)
  2017998 - ET CURRENT_EVENTS Possible IE/SilverLight GoonEK Payload
Download (current_events.rules)
  2017999 - ET MOBILE_MALWARE Android/HeHe.Spy getLastVersion CnC Beacon
(mobile_malware.rules)
  2018000 - ET MOBILE_MALWARE Android/HeHe.Spy RegisterRequest CnC Beacon
(mobile_malware.rules)
  2018001 - ET MOBILE_MALWARE Android/HeHe.Spy LoginRequest CnC Beacon
(mobile_malware.rules)
  2018002 - ET MOBILE_MALWARE Android/HeHe.Spy ReportRequest CnC Beacon
(mobile_malware.rules)
  2018003 - ET MOBILE_MALWARE Android/HeHe.Spy GetTaskRequest CnC Beacon
(mobile_malware.rules)
  2018004 - ET MOBILE_MALWARE Android/HeHe.Spy ReportMessageRequest CnC
Beacon (mobile_malware.rules)
  2018005 - ET TROJAN Possible Upatre Downloader SSL certificate (fake org)
(trojan.rules)
  2018006 - ET CURRENT_EVENTS Possible Browlock Hostname Format US
(current_events.rules)


  Pro:
  2807505 - ETPRO TROJAN Trojan.Win32.Vehidis Checkin (trojan.rules)
  2807506 - ETPRO TROJAN Win32.Foreign.jowy 1 (trojan.rules)
  2807507 - ETPRO TROJAN Win32.Foreign.jowy 2 (trojan.rules)
  2807508 - ETPRO TROJAN Win32/Kryptik.BSYO Checkin 2 (trojan.rules)
  2807510 - ETPRO TROJAN MSIL/Injector.BTM Checkin (trojan.rules)
  2807511 - ETPRO WEB_CLIENT PDF use after free (CVE-2014-0496) 1
(web_client.rules)
  2807512 - ETPRO WEB_CLIENT PDF use after free (CVE-2014-0496) 2
(web_client.rules)
  2807513 - ETPRO TROJAN Chifrax.akz Checkin (trojan.rules)
  2807514 - ETPRO TROJAN win32.Kaliox.A (trojan.rules)
  2807515 - ETPRO TROJAN Minirem (trojan.rules)
  2807516 - ETPRO TROJAN Ponmocup (newinstall.ru) (trojan.rules)
  2807517 - ETPRO MALWARE Win.Adware.Agent-1150 (malware.rules)
  2807518 - ETPRO MALWARE AdWare/Sushi.aj (malware.rules)
  2807519 - ETPRO MALWARE AdWare/Sushi.aj Suspicious User-Agent (ps 114)
(malware.rules)


 [///]     Modified active rules:     [///]

  2807460 - ETPRO TROJAN DDoS.Win32/Nitol.gen!A Checkin (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2803105 - ETPRO DNS ISC BIND RRSIG RRsets Denial of Service UDP 1
(dns.rules)
  2803106 - ETPRO DNS ISC BIND RRSIG RRsets Denial of Service TCP 1
(dns.rules)


 [---]         Disabled rules:        [---]

  2807193 - ETPRO TROJAN Trojan-Ransom.Win32.Foreign.jcov Checkin
(trojan.rules)


 [---]         Removed rules:         [---]

  2011863 - ET TROJAN Feodo Banking Trojan Receiving Configuration File
(trojan.rules)