[Emerging-updates] Daily Ruleset Update Summary 06/16/2014

Francis Trudeau ftrudeau at emergingthreats.net
Mon Jun 16 21:35:01 EDT 2014


 [***] Summary: [***]

 8 Open signatures. 20 Pro (8+12).  Various Android, SNMP Router DOS.

 Thanks:  Kevin Ross.

 [+++]          Added rules:          [+++]

 Open:

  2018565 - ET MALWARE W32/RocketfuelNextUp.Adware CnC Beacon (malware.rules)
  2018566 - ET TROJAN Hangover related campaign Checkin (trojan.rules)
  2018567 - ET TROJAN Hangover related campaign Response (trojan.rules)
  2018568 - ET CURRENT_EVENTS Possible Inbound SNMP Router DoS (TTL 1) (current_events.rules)
  2018569 - ET CURRENT_EVENTS Possible Inbound SNMP Router DoS (Disable Forwarding) (current_events.rules)
  2018570 - ET TROJAN HTTP Request to a *.su domain with direct request/fakebrowser (multiple families flowbit set)  (trojan.rules)
  2018571 - ET TROJAN HTTP Request to a *.pw domain with direct request/fake browser (multiple families flowbit set)  (trojan.rules)
  2018572 - ET TROJAN HTTP Executable Download from suspicious domain with direct request/fake browser (multiple families)  (trojan.rules)

 Pro:

  2808186 - ETPRO TROJAN suspicious User-Agent and Request on Unusual Port Win32/Jeefo.A (trojan.rules)
  2808187 - ETPRO MALWARE .exe and suspicious User-Agent Win32/FakeVimes (malware.rules)
  2808188 - ETPRO TROJAN  suspicious User-Agent .exe Win32/Kotan (trojan.rules)
  2808189 - ETPRO CURRENT_EVENTS Safe/CritX/FlashPack EK Secondary Landing (current_events.rules)
  2808190 - ETPRO TROJAN Virus Total vtapi DOS (trojan.rules)
  2808191 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.FakeFlash.c Checkin (mobile_malware.rules)
  2808192 - ETPRO TROJAN Boda (trojan.rules)
  2808193 - ETPRO TROJAN Trojan.BAT.Agent.alb Checkin (trojan.rules)
  2808194 - ETPRO TROJAN Win32.Onkods.s payload retrieval (trojan.rules)
  2808195 - ETPRO TROJAN Strictor (trojan.rules)
  2808196 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.EQ Checkin (mobile_malware.rules)
  2808197 - ETPRO TROJAN Suspicious User-Agent Win32/Mosucker (trojan.rules)


 [///]     Modified active rules:     [///]

  2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)