[Emerging-updates] Daily Ruleset Update Summary 06/16/2014

Francis Trudeau ftrudeau at emergingthreats.net
Mon Jun 16 21:56:39 EDT 2014


We moved Pro rule 2808189 to Open rule 2018573.  A new set is on the
servers as of right now.

 [+++]          Added rules:          [+++]

  2018573 - ET CURRENT_EVENTS Safe/CritX/FlashPack EK Secondary Landing (current_events.rules)


 [---]         Removed rules:         [---]

  2808189 - ETPRO CURRENT_EVENTS Safe/CritX/FlashPack EK Secondary Landing (current_events.rules)


On Mon, Jun 16, 2014 at 7:35 PM, Francis Trudeau <ftrudeau at emergingthreats.net> wrote:

>  [***] Summary: [***]
>
>  8 Open signatures. 20 Pro (8+12).  Various Android, SNMP Router DOS.
>
>  Thanks:  Kevin Ross.
>
>  [+++]          Added rules:          [+++]
>
>  Open:
>
>   2018565 - ET MALWARE W32/RocketfuelNextUp.Adware CnC Beacon (malware.rules)
>   2018566 - ET TROJAN Hangover related campaign Checkin (trojan.rules)
>   2018567 - ET TROJAN Hangover related campaign Response (trojan.rules)
>   2018568 - ET CURRENT_EVENTS Possible Inbound SNMP Router DoS (TTL 1) (current_events.rules)
>   2018569 - ET CURRENT_EVENTS Possible Inbound SNMP Router DoS (Disable Forwarding) (current_events.rules)
>   2018570 - ET TROJAN HTTP Request to a *.su domain with direct request/fakebrowser (multiple families flowbit set) (trojan.rules)
>   2018571 - ET TROJAN HTTP Request to a *.pw domain with direct request/fake browser (multiple families flowbit set) (trojan.rules)
>   2018572 - ET TROJAN HTTP Executable Download from suspicious domain with direct request/fake browser (multiple families) (trojan.rules)
>
>  Pro:
>
>   2808186 - ETPRO TROJAN suspicious User-Agent and Request on Unusual Port Win32/Jeefo.A (trojan.rules)
>   2808187 - ETPRO MALWARE .exe and suspicious User-Agent Win32/FakeVimes (malware.rules)
>   2808188 - ETPRO TROJAN  suspicious User-Agent .exe Win32/Kotan (trojan.rules)
>   2808189 - ETPRO CURRENT_EVENTS Safe/CritX/FlashPack EK Secondary Landing (current_events.rules)
>   2808190 - ETPRO TROJAN Virus Total vtapi DOS (trojan.rules)
>   2808191 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.FakeFlash.c Checkin (mobile_malware.rules)
>   2808192 - ETPRO TROJAN Boda (trojan.rules)
>   2808193 - ETPRO TROJAN Trojan.BAT.Agent.alb Checkin (trojan.rules)
>   2808194 - ETPRO TROJAN Win32.Onkods.s payload retrieval (trojan.rules)
>   2808195 - ETPRO TROJAN Strictor (trojan.rules)
>   2808196 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.EQ Checkin (mobile_malware.rules)
>   2808197 - ETPRO TROJAN Suspicious User-Agent Win32/Mosucker (trojan.rules)
>
>
>  [///]     Modified active rules:     [///]
>
>   2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
>
>