[Emerging-updates] Daily Ruleset Update Summary 06/09/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Jun 9 18:45:37 EDT 2014


 [+++]          Summary:          [+++]

9 new Open. 13 new Pro (9/4). CottonCastle, Etumbot.B, etc. Special thanks
to Jason Jones and Arbor Networks for allowing us to put the EtumBot
signatures into the Open ruleset. See their excellent write-up here.

http://www.arbornetworks.com/asert/2014/06/illuminating-the-etumbot-apt-backdoor/

 [+++]          Added rules:          [+++]

  Open:
  2018544 - ET CURRENT_EVENTS CottonCastle EK Landing June 05 2014 2 (current_events.rules)
  2018545 - ET CURRENT_EVENTS CottonCastle EK Jar Download Method 2 (current_events.rules)
  2018546 - ET TROJAN EtumBot Registration Request (trojan.rules)
  2018547 - ET TROJAN EtumBot Ping (trojan.rules)
  2018548 - ET TROJAN EtumBot Command Status Message (trojan.rules)
  2018549 - ET TROJAN EtumBot PUT File Response (trojan.rules)
  2018550 - ET TROJAN EtumBot GET File Initial Response (trojan.rules)
  2018551 - ET TROJAN EtumBot GET File Data Upload (trojan.rules)
  2018552 - ET TROJAN Backdoor.Win32/Etumbot.B Requesting RC4 Key (trojan.rules)

  Pro:
  2808139 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Tramp.a Checkin (mobile_malware.rules)
  2808140 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Tramp.a Checkin 2 (mobile_malware.rules)
  2808141 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.u Checkin 3 (mobile_malware.rules)
  2808142 - ETPRO TROJAN W32/Simda.BC Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2018508 - ET TROJAN Win32/Enosch.A gtalk connectivity check (trojan.rules)
  2807145 - ETPRO TROJAN Backdoor.Win32.Simda.abpn Checkin (trojan.rules)